Haitham Cruickshank

Dr Haitham Cruickshank


Reader
PhD, MSc and BSc
+44 (0)1483 686007
02 CII 01

About

Biography

Dr. Haitham Cruickshank, Reader at the Institute for Communication Systems (ICS), University of Surrey, Guildford UK.

He is an experienced researcher and has worked on several UK, EU and ESA security-related projects. He has been the main author on several ETSI specifications on Intelligent Transport Systems (ITS) privacy and broadband satellite network security architectures.

His main research interests are network, user and IoT privacy and security, and future network architecture in mobile, satellite and Internet. He also teaches in the security, Internet networking and satellite courses at the University of Surrey. He is a member of the IEEE Satellite and Space Communications Committee. He is also a chartered engineer and a corporate member of the IEE in the UK.

He also has over 165 publications, including 38 refereed journals and 5 ETSI/IETF standard specifications.

Research

Research interests

Publications

Shihan Bao, Ao Lei, Haitham Cruickshank, Zhili Sun, Philip Asuquo, Waleed Hathal (2019) A Pseudonym Certificate Management Scheme Based on Blockchain for Internet of Vehicles, In: IEEE 17TH INT CONF ON DEPENDABLE, AUTONOM AND SECURE COMP / IEEE 17TH INT CONF ON PERVAS INTELLIGENCE AND COMP / IEEE 5TH INT CONF ON CLOUD AND BIG DATA COMP / IEEE 4TH CYBER SCIENCE AND TECHNOLOGY CONGRESS (DASC/PICOM/CBDCOM/CYBERSCITECH) 8890519 pp. 28-35 IEEE

Research into the established area of ITS is evolving into the Internet of Vehicles (IoV), itself a fast-moving research area, fuelled in part by rapid changes in computing and communication technologies. Using pseudonym certificates is a popular way to address privacy issues in IoV. Therefore, the certificate management scheme is considered a feasible technique to manage the system and maintain the lifecycle of certificates. In this paper, we propose an efficient pseudonym certificate management scheme in IoV. The Blockchain concept is introduced to simplify the network structure and distributed maintenance of the Certificate Revocation List (CRL). The proposed scheme embeds part of the certificate revocation functions within the security and privacy applications, aiming to reduce the communication overhead and shorten the processing time cost. Extensive simulations and analysis show the effectiveness and efficiency of the proposed scheme, in which the Blockchain structure costs fewer network resources and gives a more economic solution against further cybercrime attacks.

Shihan Bao, Waleed Hathal, Haitham Cruickshank, Zhili Sun, Phillip Asuquo, Ao Lei (2018) A lightweight authentication and privacy-preserving scheme for VANETs using TESLA and Bloom Filters, In: ICT Express 4(4) pp. 221-227 Elsevier

In Vehicular Ad hoc Networks (VANETs), broadcasted beacon messages are critical as most safety applications rely on them. However, the design of a secure broadcast authentication faces many security and privacy challenges as vehicles are vulnerable to active attacks and the revealing of location. In this paper, we propose a lightweight authentication scheme using Timed Efficient Stream Loss-Tolerant Authentication (TESLA) scheme and Bloom Filters that not only prevents active attacks but also adds a privacy-preserving feature to make the scheme have better performance. Simulation results indicate the scheme outperforms the existing schemes in terms of verification time and the level of anonymity. © 2017 The Korean Institute of Communications and Information Sciences (KICS). Publishing Services by Elsevier B.V.

Mohammed Al-Siyabi, Haitham Cruickshank, Zhili Sun, P. Cornice (2010) Fair Admission Control Model for Aircrafts Bundles Data Transmission for Delay Tolerant Networks, In: 2010 5TH ADVANCED SATELLITE MULTIMEDIA SYSTEMS CONFERENCE AND THE 11TH SIGNAL PROCESSING FOR SPACE COMMUNICATIONS WORKSHOP (ASMS/SPSC 2010) 5586909 pp. 54-61 IEEE

Aircrafts in commercial routes have been proposed in some previous work as novel DTN bundle carriers [1]. Satellites can be one of the hops in this application. DTN suffers from intermittent disconnections, long delays and has scarce resources. It is a challenge to control the admission to these resources to provide better QoS and ensure optimum resource utilisation. Furthermore, providing fairness to different users who compete to access limited and scarce resources makes the solution even harder. In this paper, we propose a fair novel admission control model for DTN aircrafts applications based on feedback history logging of past admissions. This model will locally estimate the resources and provide fair admissions for users within a group of users in the same area. We will show an analysis of aircrafts fair admission control design for both aircraft initiated and user initiated approaches, which will provide integrated service per flow basis. The paper also presents the initial simulation model using a modified version of DTN2 emulator and DTNperf_2 performance monitoring tool.

Zongyang Luo, Zhili Sun, Haitham Cruickshank (2007) Modelling and simulation study of TCP performance with link layer retransmission and fragmentation for satellite-UMTS networks, In: A N Ince, A Bragg (eds.), RECENT ADVANCES IN MODELING AND SIMULATION TOOLS FOR COMMUNICATION NETWORKS AND SERVICES pp. 137-155 Springer Nature

Satellite-based Universal Mobile Telecommunications System (S-UMTS) is used to provide all kinds of Transmission Control Protocol/Internet Protocol (TCP/IP) based Internet services for global end users. However, due to the high propagation delay and high bit error rates over satellite links, the TCP performance degrades considerably and affects many qualities of TCP based services. In this work, we focus on studying the TCP performance in S-UMTS using radio link control (RLC) with fragmentation and retransmission mechanisms. Analytical and simulation studies have been carried out to study this cross-layer problem. Two scenarios have been studied, i.e., the satellite operates in either transparent mode or with onboard processor (OBP) mode. The results indicate that the TCP performance can be enhanced substantially by employing the relay function using OBP and appropriate configurations of RLC parameters, thus providing useful information for the design of the next generation communication satellite with onboard processing.

M Alshamrani, Haitham Cruickshank, Zhili Sun, G Ansa, F Alshahwan (2016) SIP Signaling Implementations and Performance Enhancement over MANET: A Survey, In: International Journal of Advanced Computer Science and Applications 7(5) pp. 191-202 The Science and Information (SAI) Organization

The implementation of the Session Initiation Protocol (SIP)-based Voice over Internet Protocol (VoIP) and multimedia over MANET is still a challenging issue. Many routing factors affect the performance of SIP signaling and the voice Quality of Service (QoS). Node mobility in MANET causes dynamic changes to route calculations, topology, hop numbers, and the connectivity status between the correspondent nodes. SIP-based VoIP depends on the caller’s registration, call initiation, and call termination processes. Therefore, the SIP signaling performance has an important role for the overall QoS of SIP-based VoIP applications for both IPv4 and IPv6 MANET. Different methods have been proposed to evaluate and benchmark the performance of the SIP signaling system. However, the efficiency of these methods varies and depends on the identified performance metrics and the implementation platforms. This survey examines the implementation of the SIP signaling system for VoIP applications over MANET and highlights the available performance enhancement methods.

L Liang, M Bhutta, Haitham Cruickshank, Zhili Sun, C Kulatunga, G Fairhurst (2009) Integration of TESLA and FLUTE over Satellite Networks

Multicast research has explored the security challenges faced in group communications. Multicast transport and multicast security need to work in close collaboration to realise a multicast service. However, there has been comparatively little work to combine the two technologies. In this paper the authors present an example of partially integrating the Timed Efficient Stream Loss-Tolerant Authentication (TESLA) protocol and the File Delivery over Unidirectional Transport (FLUTE) protocol. The security concern raised by the proposed algorithm is analysed for satellite networks. The proposed algorithm was implemented on a testbed with a multicast tunnel between University of Surrey and University of Aberdeen and the results are presented in this paper.

L Fan, C Baudoin, L Liang, A Yun, G Fairhurst, A Sathiaseelan, I Melhus, S Iyengar, JA Guerra, A Ramos, D Perez, R Castellot, E Callejo, MC de Domingo, Haitham Cruickshank, Z Sun (2007) The SATSIX architecture for next-generation satellite systems with IPv6 and DVB, In: 25th AIAA International Communications Satellite Systems Conference

Broadband satellite will play an important role in providing universal broadband access for users. In order to lower the cost, the next-generation satellite systems should support IPv6 and seamlessly integrate with terrestrial networks, including wireless local loops. In this paper, a novel network architecture has been proposed as a potential solution to the above problem. Based on the proposed overall network and functional architecture, we have emphasised and presented different aspects of the advanced IPv6-enabled networking techniques, such as QoS, multicast, security and mobility. The transport protocols that can be used in this network architecture are also studied. © 2007 by SATSIX.

M Alshamrani, HS Cruickshank, Z Sun (2014) A Cross-Layer Approach to Enhance the Call Setup Performance of SIP-Based VoIP over AODV MANET, In: Eighth International Conference on Next Generation Mobile Apps, Services and Technologies (NGMAST), 2014 pp. 241-247 IEEE

The implementation of SIP signaling over MANET is still a challenging issue, as many routing factors affect SIP performance. Node mobility and dynamic hop number changes between nodes are considered the main routing problems within MANET routing protocols. RFC 6076 proposed end-to-end performance metrics for SIP signaling to provide a standardized method of evaluating SIP performance over different platforms; however, no benchmarking values for these metrics have been proposed yet. In this paper, a cross-layer system designed to enhance the call setup performance of SIP-based VoIP over AODV-based MANET is proposed. The approach used is to employ the SIP performance metric to enhance the call setup time by adjusting the Time-To-Live (TTL) parameter and the Route Request (RREQ) message retries for the AODV route request messages to support the reachability ratio of SIP INVITE and re-INVITE messages to reduce the call setup time of SIP-based VoIP. The study investigated the Session Request Delay performance metric of SIP signaling as part of the SIP over MANET simulation efforts. Both the call setup time and the number of SIP calls over random waypoint mobility models were enhanced by applying instantaneous modifications to the TTL parameter and RREQ retries, increasing the delivery ratio of route discovery messages to about 35-40% compared with the classic AODV routing protocol.

L Fan, C Baudoin, F Rodriguez, A Ramos, JA Guerra, B de la Cuesta, G Fairhurst, A Sathiaseelan, P Berthou, T Gayraud, L Liang, A Yun, E Callejo, I Melhus, S Iyengar, Haitham Cruickshank, Z Sun (2008) SATSIX: A network architecture for next-generation DVB-RCS systems, In: L Fan, H Cruickshank, Z Sun (eds.), IP NETWORKING OVER NEXT-GENERATION SATELLITE SYSTEMS pp. 103-125

M Al-Siyabi, H Cruickshank, Z Sun, G Ansa (2011) Fairness and satisfaction model for DTN applications using various transportation means, In: Lecture Notes in Computer Science: Wired/Wireless Internet Communications 6649 pp. 446-457

Delay Tolerant Network suffers from lack of resources and disconnected contact nature. In DTN, all possible methods are used to transmit data including physical transportation means. Aircrafts in commercial routes have been proposed to carry data from ground users along their flying routes. Delivery probability is compared when using aircrafts, buses and ferries. Results show that aircrafts provide higher delivery probability which is up to 62% better compared with buses and ferries. Furthermore, when there is lack of resources, it is difficult to satisfy all users’ demands for traffic. We propose a Fairness and Satisfaction (FS) model to enhance the users’ satisfaction when DTN resources are limited and scarce. Various scenarios are tested for the FS model through intense simulations. FS model, when implemented, will improve user’s satisfaction up to 18% and DTN fairness up to 20% compared with the same scenario lacking the model.

P Navaratnam, HS Cruickshank, R Tafazolli (2007) A link adaptive transport protocol for multimedia streaming applications in multi hop wireless networks, In: T Dagiuklas, N Sklavos (eds.), MobiMedia 329 pp. 34-34

M Al-Fares, Zhili Sun, Haitham Cruickshank (2009) High Survivable Routing Protocol in Self Organizing Wireless Sensor Network, In: IAENG International Journal of Computer Science 36(2) pp. 147-156 International Association of Engineers

Wireless Sensor Network (WSN) is one of the major research areas in the computer network field today. The function of WSN in this paper is to provide sensing services in an unattended harsh environment. Sensed data need to be delivered to the base station and to cope with the network unreliability problem. Few routing protocols take this problem into consideration. It is a great challenge for a hierarchical routing protocol to provide network survivability through redundancy features. In this paper, a short literature review of the existing routing protocols is carried out. Then a novel hierarchical routing protocol, which addresses network survivability and redundancy issues, is introduced. Initial analysis shows promising results for the proposed protocol compared with LEACH, a well-known protocol used as a benchmark. Finally, conclusions are drawn based on the research and future directions for further research are identified.

Z Sun, Haitham Cruickshank, L Liang, A Sánchez, C Miguel (2002) IP based multimedia conference over satellite, In: 20th AIAA International Communication Satellite Systems Conference and Exhibit

Significant research and development have been carried out recently in Voice over IP (VoIP) to integrate Internet data services and telephony services based on Public Switched Telephone Network (PSTN). Satellites have been used for many years to provide long distance telephone services and have today an increasing portion of their capacities used to carry IP packets for Internet services. Therefore, convergence of voice and data is happening not only in terrestrial communication links, but also in satellite networks. With their global coverage and reach to remote areas, satellites are well positioned to enable growth of VoIP services. In addition to telephone and Internet services, satellite can also be used for multimedia conference services due to the broadcasting capability. This paper presents the studies of these topics as results of the VIP-TEN project on IP telephony and the ICEBERGS projects on multimedia conference over satellite. © 2002 by the author(s). Published by the American Institute of Aeronautics and Astronautics, Inc., with permission.

M Al-Fares, Z Sun, HS Cruickshank (2010) Reliable Routing Protocol for Wireless Sensor Network, In: S-I Ao, O Castillo, X Huang (eds.), Intelligent Automation and Computer Engineering (16) Springer Verlag

Intelligent Automation and Computer Engineering offers the state of the art of tremendous advances in intelligent automation and computer engineering and also ...

MNM Bhutta, H Cruickshank, M Moseley, J Ashworth (2017) A New Dynamic Multilayer IPSec Protocol, PSATS 2012, March 2012, In: 4th International ICST Conference on Personal Satellite Services

Yue Cao, Zhili Sun, Haitham Cruickshank, Fang Yao (2014) Approach-and-Roam (AaR): A Geographic Routing Scheme for Delay/Disruption Tolerant Networks, In: IEEE Transactions on Vehicular Technology 63(1) pp. 266-281 Institute of Electrical and Electronics Engineers (IEEE)

Considering that delay/disruption-tolerant networks (DTNs) suffer from a large variation of network topology, geographic routing is an alternative scheme that utilizes real-time geographic information instead of network topology information. However, the real-time geographic information of mobile destination is likely unavailable due to sparse network density. With this in mind, we propose a geographic routing scheme by relying on historical geographic information to estimate the movement range of destination. The idea is to make efficient message replication toward this estimated range via the proposed Approach Phase to reduce routing overhead. Meanwhile, the effective message replication within this range is guaranteed via the proposed Roam Phase to increase the message delivery ratio. We further propose a novel scheme to handle the local maximum problem for geographic routing in sparse networks. Simulation results obtained assuming the maps of three real world cities, namely, Helsinki, Finland; Karlsruhe, Germany; and Manhattan, New York City, USA, show an advantage of the proposed Approach-and-Roam (AaR) over the compared algorithms in terms of delivery ratio, average delivery latency, and overhead ratio.

M Asif, Zhili Sun, Haitham Cruickshank, N Ahmad (2011) QoS provisioning in contention aware MANETs using flow-aware admission control protocol, In: Proceedings of the IADIS International Conferences - Informatics 2011, Wireless Applications and Computing 2011, Telecommunications, Networks and Systems 2011, Part of the IADIS, MCCSIS 2011 pp. 99-106

The popularity of MANET based applications is on the rise by the day and this includes the use of multimedia applications over MANETs. The existing routing protocols provide best effort service, but do not provide any guarantee of Quality of Service (QoS) provisioning. An admission control based approach is desirable and plays a vital role in maintaining QoS for MANET-based applications. In this paper, we present a novel Flow-Aware Admission Control (FAAC) protocol that will maintain guaranteed throughput to the applications requiring QoS. FAAC protocol is designed to utilize the caching mechanism of the Dynamic Source Routing (DSR) protocol. It will be implemented in two stages: the first stage is searching the cache for untested paths from source to destinations and initiating the route search before checking the nodes' resources. The second stage will include checking of local and carrier sensing neighbors' resources. The protocol is implemented using C++ within the NS-2 simulation environment and validated to check the effect of newly admitted traffic on already admitted data traffic. The newly arriving traffic was blocked when there were not enough network resources to support the existing and newly arriving traffic. © 2011 IADIS.

Zhili Sun, D He, Haitham Cruickshank, L Liang, A Sanchez, C Miguel, V Schena, C Tocci, B Carro (2004) Scalable architecture and evaluation for multiparty conferencing over satellite links, In: IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS 22(3) pp. 594-605 IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC, 445 HOES LANE, PISCATAWAY, NJ 08855 USA

This paper describes the architecture of a proposed multiparty conferencing system for satellites. Different conferencing models are discussed and compared. A session initiation protocol (SIP)-based conference signaling model and an extension to protocol-independent multicast sparse mode that supports quality-of-service (QoS) in DiffServ networks are proposed, as particularly suitable for multiparty conferencing applications over satellite links. The paper also presents key issues and potential solutions of scalable QoS multicast services for multiparty conferences over satellite. End-to-end QoS parameters for voice and video are measured and analyzed on a prototype.

M Al-Siyabi, Haitham Cruickshank, Zhili Sun, P Cornice (2017) Fair admission control model for aircrafts bundles data transmission for Delay Tolerant Networks pp. 54-61

Aircrafts in commercial routes have been proposed in some previous work as novel DTN bundle carriers [1]. Satellites can be one of the hops in this application. DTN suffers from intermittent disconnections, long delays and has scarce resources. It is a challenge to control the admission to these resources to provide better QoS and ensure optimum resource utilisation. Furthermore, providing fairness to different users who compete to access limited and scarce resources makes the solution even harder. In this paper, we propose a fair novel admission control model for DTN aircrafts applications based on feedback history logging of past admissions. This model will locally estimate the resources and provide fair admissions for users within a group of users in the same area. We will show an analysis of aircrafts fair admission control design for both aircraft initiated and user initiated approaches, which will provide integrated service per flow basis. The paper also presents the initial simulation model using a modified version of DTN2 emulator and DTNperf_2 performance monitoring tool.

C Caini, HS Cruickshank, S Farrell, M Marchese (2011) Delay- and Disruption-Tolerant Networking (DTN): An Alternative Solution for Future Satellite Networking Applications, In: IEEE Special Issue on Aerospace Communications and Networking in the Next Two Decades: Current Trends and Future Perspectives 99(11) pp. 1980-1997 IEEE

Satellite communications are characterized by long delays, packet losses, and sometimes intermittent connectivity and link disruptions. The TCP/IP stack is ineffective against these impairments and even dedicated solutions, such as performance enhancing proxies (PEPs), can hardly tackle the most challenging environments, and create compatibility issues with current security protocols. An alternative solution arises from the delay- and disruption-tolerant networking (DTN) architecture, which specifies an overlay protocol, called bundle protocol (BP), on top of either transport protocols (TCP, UDP, etc.), or of lower layer protocols (Bluetooth, Ethernet, etc.). The DTN architecture provides long-term information storage on intermediate nodes, suitable for coping with disrupted links, long delays, and intermittent connectivity. By dividing the end-to-end path into multiple DTN hops, in a way that actually extends the TCP-splitting concept exploited in most PEPs, DTN allows the use of specialized protocols on the satellite (or space) links. This paper discusses the prospects for use of DTN in future satellite networks. We present a broad DTN overview, to make the reader familiar with the characteristics that differentiate DTN from ordinary TCP/IP networking, compare the DTN and PEP architectures and stacks, as a preliminary step for the subsequent DTN performance assessment carried out in practical LEO/GEO satellite scenarios. DTN security is studied next, examining the advantages over present satellite architectures, the threats faced in satellite scenarios, and also open issues. Finally, the relation between DTN and quality of service (QoS) is investigated, by focusing on QoS architectures and QoS tools and by discussing the state of the art of DTN research activity in modeling, routing, and congestion control.

MN Mumtaz Bhutta, Haitham Cruickshank, Zhili Sun (2016) Public-key infrastructure validation and revocation mechanism suitable for delay/disruption tolerant networks, In: IET Information Security

Public-key infrastructure (PKI) is based on public-key certificates and is the most widely used mechanism for trust and key management. However, standard PKI validation and revocation mechanisms are considered major reasons for its unsuitability for delay/disruption tolerant networking (DTN). DTN requires a mechanism to authenticate messages at each node before forwarding them in the network. So, certificate revocation lists (CRLs) being distributed in a DTN network will need to be authenticated and validated for the issuer certificate authority (CA) at each node. In this study, the authors propose a new validation and revocation mechanism which is compliant with DTN semantics and protocols. This study also proposes a new design for CRL in compliance with the standard PKI X.509 standard to make the proposed mechanism easy to implement for DTN. The newly designed CRL is of reduced size as it contains fewer entries as compared with the standard X.509 CRL and also arranges the revocation list in the form of a hash table (map) to increase the searching efficiency.

Haitham Cruickshank, Michael Howarth, S Iyengar, Zhili Sun, L Claverotte (2005) Securing multicast in DVB-RCS satellite systems, In: IEEE WIRELESS COMMUNICATIONS 12(5) pp. 38-45 IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC, 445 HOES LANE, PISCATAWAY, NJ 08855 USA

While TV broadcasting is probably the best known application of satellite technology, satellite service providers are now expanding their services to include Internet data transmission. Consequently, security of satellite data is becoming an important issue. This article examines the current DVB-RCS security standard and identifies the principal gaps in the provision of secure multicast over DVB-RCS. The main contribution of this article is a proposal for adapting the current DVB-RCS two-way satellite standard to provide secure multicast services over satellites.

M Alshamrani, Haitham Cruickshank, Z Sun, B Elmasri, VH Tafreshi (2012) SIP-based internetwork system between future IP networks and ZigBee based Wireless Personal Area Networks (WPAN), In: 2012 4th Computer Science and Electronic Engineering Conference, CEEC 2012 - Conference Proceedings pp. 206-211

The internetwork system between Future IP Networks and ZigBee Wireless Networks has two main approaches: the SIP Proxy Based approach and the ZigBee Stack Based approach. Because of the dynamic nature of the ZigBee devices, both approaches need to be improved to support the connectivity system and the Quality of Service (QoS) for different types of sensing and actuating applications. This paper proposes an initial design for a modified version of SIP (Mod-SIP) for the ZigBee Stack Based approach. In addition, the paper introduces the Combined Approach, which is an enhanced internetwork system used to provide a more reliable and flexible connectivity system between ZigBee WPANs and the IP clouds. An initial design and simulation efforts on OPNET were implemented to study the current approaches and compare them with the proposed approaches. The results show that the SIP Proxy Based approach is not efficient for Future IP Networks applications as it has a high rate of End-to-End delays because of the lack of flexibility between the SIP signaling system and the ZigBee WPANs. The initial investigations have shown that the Combined approach can provide a more reliable connectivity system with support for QoS for different types of instantaneous applications such as VoIP and video conferencing. © 2012 IEEE.

G Ansa, HS Cruickshank, Z Sun, M Al-Siyabi (2011) A DOS-resilient design for delay tolerant networks, In: IWCMC pp. 424-429

M Ali, L Liang, Z Sun, H Cruickshank (2009) Evaluation of SIP Signaling and QoS for VoIP over Satellite Networks, In: 2009 IEEE INTERNATIONAL CONFERENCE ON COMMUNICATIONS, VOLS 1-8 pp. 5104-5108

A Ahmad, S Mirzadeh, H Cruickshank, H Afifi (2017) Efficient Physical Layer Encryption for LDR Sensor Networks

HS Cruickshank (2010) Satellite Communications: from PEPs to DTN pp. 62-67

Disruption-Tolerant Networking represents an innovative way to cope with satellite communications impairments. In this view, the paper presents an in-depth analysis of implications of a DTN approach to satellite communications, focusing on these fundamental aspects: network architecture, security, and Quality of Service (QoS). For each topic, commonalities and differences between DTN and Performance Enhancing Proxies (PEPs) are highlighted, to show that the DTN architecture can be seen as a promising evolution of PEPs, at present the most widely adopted architecture. The analysis shows that DTN can effectively improve PEPs functionalities in the presence of intermittent and disruptive channels and/or a high level of network heterogeneity. In particular, DTN offers the possibility to operate with intermittent channels, a better resilience to channel disruptions, the possibility to implement both end-to-end and hop-by-hop security, and a greater flexibility in the use of advanced QoS techniques.

MN Mumtaz Bhutta, Haitham Cruickshank, Zhili Sun (2017) A New Public-Key Infrastructure (PKI) Validation and Revocation Mechanism Suitable for Delay/Disruption Tolerant Networks (DTN), In: IET Information Security 11(1) pp. 16-22

Public Key Infrastructure (PKI) is based on public key certificates and is the most widely used mechanism for trust and key management. However, standard PKI Validation and Revocation mechanisms are considered major reasons for its unsuitability for Delay/Disruption Tolerant Networking (DTN). DTN requires a mechanism to authenticate messages at each node before forwarding them in the network. So, Certificate Revocation Lists (CRLs) being distributed in a DTN network will need to be authenticated and validated for the issuer CA at each node. In this paper we propose a new Validation and Revocation mechanism which is compliant with DTN semantics and protocols. The paper also proposes a new design for CRL in compliance with the standard PKI X.509 standard to make the proposed mechanism easy to implement for DTN. The newly designed CRL is of reduced size as it contains fewer entries as compared to the standard X.509 CRL and also arranges the revocation list in the form of a Hash Table (Map) to increase the searching efficiency.

Zhili Sun, D He, L Liang, Haitham Cruickshank (2004) Internet QoS and traffic modelling, In: IEE PROCEEDINGS-SOFTWARE 151(5) pp. 248-255

Telecommunications networks have migrated from circuit based telephony services to packet based broadband network services. Merging with computer networks, they are being integrated with non-real-time data services on classical Internet integrated multimedia services, including real time voice, video and services on the new generation Internet. Thus, the concepts and requirements of quality of service (QoS) and traffic modelling have also been changed significantly. However, real time services such as voice and video are inelastic, as the transmission bandwidth, transmission time and QoS requirements need to be kept within strict limits and hence are not flexible. On the other hand, elastic services such as file transfer and Web surf are much relaxed with QoS and network resource requirements. Networks need to meet the requirements of both types of services by providing different classes of network services, including best effort service at one end of the spectrum, guaranteed service on the other end, and some others in between, with controlled traffic load. Traffic modelling is one of the important aspects to be considered to meet QoS requirements of services and efficient utilisation of network resources. The paper discusses important QoS issues, techniques for measurement and analysing Internet traffic, and new trends and methodology for Internet traffic modelling. It also presents the results based on the measured Internet traffic to validate the new model and the potential of the model to capture the characteristics of traffic for the Internet.

HS Cruickshank, G Giambene, M Berioli, R Mort (2009) BSM Integrated PEP with Cross-Layer Improvements, In: Satellite and Space Communications, 2009. IWSSC 2009. pp. 52-56

The future development of broadband satellite systems providing services based on the Internet Protocol (IP) needs to be stimulated by means of common standards. This paper presents the ETSI BSM PEP terminal architecture and PEP usage scenarios. In addition this paper shows the benefits of cross-layer improvements, where the TCP traffic sent by STs through an NCC/Gateway that acts as a PEP-spoofer on ACKs going in the opposite direction.

A Jamalipour, M Marchese, HS Cruickshank, J Neale, SN Verma (2004)Broadband IP networks via satellites - Part I, In: IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS22(2)pp. 213-217 IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
L Audah, Zhili Sun, Haitham Cruickshank (2012)QoS simulation and analysis of HTTP over LEO satellite constellation, In: Journal of Communications and Networking

In this paper, we present end-to-end QoS simulation studies on internetworking of remote LAN and long range communications over LEO-Iridium satellites constellation taking SuperJARING network in Malaysia as an example. A macro level network simulation scenario based on actual network topology in Malaysia is implemented as Diffserv network model using the network simulator-2 (NS-2). Web traffic (HTTP) is used as the internet traffic models in the simulation analysis. All simulations are carried out in error-free and link-loss environment. In error-free simulations, the accumulative network traffic loads are varied from 20%, 50% and 80% while in link-loss environment simulations only 20% traffic load is used with bit error rate (BER) varied from 1×10⁻⁵, 1×10⁻⁴ and 2×10⁻⁴. We compare the empirical TCP throughput traces with analytical model for validation. The results show clearly that QoS can be achieved with IP Diffserv over satellites constellation like Iridium.

L Liang, S Iyengar, Haitham Cruickshank, Z Sun, C Kulatunga, G Fairhurst (2009)Security for FLUTE over Satellite Networks, In: CX Wang, S Ouyang (eds.), 2009 WRI INTERNATIONAL CONFERENCE ON COMMUNICATIONS AND MOBILE COMPUTING: CMC 2009, VOL 3pp. 485-491
Haitham Cruickshank, S Iyengar, L Fan, Z Sun, JA Guerra, M Mezzalla (2007)Secure composite satellite IP multicast architecture for heterogeneous groups, In: 2007 PROCEEDINGS OF THE 16TH IST MOBILE AND WIRELESS COMMUNICATIONS, VOLS 1-3pp. 494-498
Haitham Cruickshank, Michael Howarth, S Iyengar, Zhili Sun, L Claverotte (2005)Securing multicast in DVB-RCS satellite systems, In: IEEE Wireless Communications Magazine12(5)pp. 38-45 IEEE

Whilst TV broadcasting is probably the best-known application of satellite technology, satellite service providers are now expanding their services to include Internet data transmission. Consequently, security of satellite data is becoming an important issue. This article examines the current DVB-RCS security standard and identifies the principal gaps in the provision of secure multicast over DVB-RCS. The main contribution of this article is a proposal for adapting the current DVB-RCS two-way satellite standard to provide secure multicast services over satellites.

YF Hu, M Berioli, P Pillali, HS Cruickshank, G Giambene, K Kotsopoulos, W Guo, PML Chan (2010)Broadband Satellite Multimedia, In: IET Communications4(13)pp. 1519-1531 IET

The broadband satellite multimedia (BSM) architecture standardised by ETSI defines a satellite independent service access point (SI-SAP) interface layer that separates the satellite independent features of the upper layers from the satellite dependent features of the lower layers, and provides a mechanism to carry IP-based protocols over these satellite dependent lower layers. This enables interoperability at the IP layer between satellite systems of different physical and link layers technologies that fully comply with the SI-SAP concept. This study reviews past and current standardisation activities including the BSM quality of service (QoS) architecture, security architecture, network management that have been carried out by the ETSI Technical Committee-Satellite Earth Stations and Systems (TC-SES)/BSM working group and looking into the future to extend current SI-SAP functions that can enhance existing QoS provision and security management capabilities as well as proposing a mobility management architecture that complies with the IEEE 802.21 media independent handover framework to support BSM mobility and to allow integration of satellite networks with fixed and mobile network infrastructures. A service-based network management architecture is also proposed to allow management flexibility and integration of business and operation support functions, paving the way for satellite integration into the Internet of the future.

Y Cao, Haitham Cruickshank, Zhili Sun (2011)A Routing Framework for Delay Tolerant Networks Based on Encounter Anglepp. 2231-2236

The concept of Delay Tolerant Networks (DTNs) has been utilized for wireless sensor networks, mobile ad hoc networks, interplanetary networks, pocket switched networks and suburb networks for developing region. Because of these application prospects, DTNs have received attention from academic community. Whereas only a few state of the art routing algorithms in DTNs address the problem of aborted messages due to the insufficient encounter duration. In order to reduce these aborted messages, we propose a routing framework which consists of two optional routing functions. Specifically, only one of them is activated according to the encounter angle between pairwise nodes. Besides, the copies of the undelivered message carried by most of the nodes in the network are more likely to be cleared out after successful transfer, which reduces the number of unnecessary transmissions for message delivery. By means of the priority for message transmission and deletion in case of the limited network resource, the proposed algorithm achieves the high delivery ratio with low overhead as well as less number of aborted messages due to the insufficient encounter duration, thus is more energy efficient.

David Owens, Shuja Ansari, Haitham Cruickshank, Rahim Tafazolli, Muhammad Ali Imran (2022)Coverage Extension for the UK Smart Meter Implementation Programme Using Mesh Connectivity, In: Telecom (Basel)3(4)pp. 610-618

Smart meters (SM) with wireless capabilities are one of the most meaningful applications of the Internet of Things. Standards like Zigbee have found a niche in transmitting data on energy usage to the user and the supplier wirelessly via these meters and communication hubs. There are still certain difficulties, notably in delivering wireless connectivity to meters situated in difficult-to-reach locations such as basements or deep indoors. To solve this issue, this paper investigates the usage of mesh networks at 868 MHz, particularly to increase coverage, and proposes an additional mounted antenna to significantly increase outside coverage while providing the necessary coverage extension for hard-to-reach indoor locations. Extensive measurements were made in Newbury in both suburban and open environments for validation and delivery of a simple statistical model for the 868 MHz band in United Kingdom conurbations. Results presented in this paper estimate that mesh networks at 868 MHz can accommodate large areas constituting several SMs with the proposed coverage extension method. With our findings and proposed methods on mesh connectivity, only 1% of UK premises will require mesh radios to achieve the desired coverage.

WHD Ng, MP Howarth, Zhili Sun, Haitham Cruickshank (2007)Dynamic balanced key tree management for secure multicast communications, In: IEEE Transactions on Computers56(5)pp. 590-605
Haitham Cruickshank, L Liang, L Fan, Zhili Sun, M Mazzella (2008)A ULE Security Approach for Satellite Networks on PLATINE Testbed

The satellite network does not have the IP layer for which IPsec [2][3] is designed. Therefore, a new algorithm is needed to secure the satellite link at link layer or physical layer. This paper will give a short analysis on the advantages and disadvantages of the MPEG-2 TS encryption and present an approach trying to use the extension header of Unidirectional Lightweight Encapsulation (ULE) [6] Protocol Data Unit (PDU) to provide the efficient security solution for satellite networks. This approach is just above the MPEG-2 TS layer and makes the link security as a part of the encapsulation layer. Thanks to a test bed platform named PLATINE developed by French partners and contributed by other partners within the SATSIX project on which the DVB-S and DVB-RCS have been implemented. The Unidirectional Lightweight Encapsulation (ULE) [6] mechanism working together with MPEG-2 Transport Stream (TS) as a part of the encapsulation in PLATINE is for the transport of IPv6 (& IPv4) Datagrams and other network protocol packets directly over the ISO MPEG-2 Transport Stream as TS Private Data. The proposed security approach is implemented within PLATINE to provide integrated security with ULE protocol at the link layer. The approach is based on the security requirements Internet draft [1].

L Audah, Zhili Sun, Haitham Cruickshank (2012)Comparative Evaluation QoS of FTP over LEO and GEO Satellite Networks with Diffserv Architecture, In: Journal of Communication and Computer (JCC)9(12)pp. 1383-1394 David Publishing Company

This paper presents studies for the end-to-end QoS of IP over integrated terrestrial and Next Generation Satellite Network (NGSN) using FTP. We compare between LEO and GEO satellites constellations for the QoS parameters (i.e. delay, jitter, loss rate and throughput) of file transfer from a remote server in London and a remote client in Boston. We model the file transfer with multiple connections and file size variation according to Exponential and Pareto distributions respectively. We create the scenario with error model to simulate transmission loss environment using the NS-2 simulation software. A Differentiated Services (Diffserv) queue interface is placed in the server side to regulate the traffic flows across the narrow bandwidth of the satellite links. The results showed the performance evaluation and presented a good comparison of the QoS parameters involved in the data transfer across LEO and GEO satellites systems.

Lukman Audah, Zhili Sun, Haitham Cruickshank (2017)QoS based Admission Control using Multipath Scheduler for IP over Satellite Networks, In: International Journal of Electrical and Computer Engineering7(6)pp. 2958-2969 Institute of Advanced Engineering and Science

This paper presents a novel scheduling algorithm to support quality of service (QoS) for multiservice applications over integrated satellite and terrestrial networks using admission control system with multipath selection capabilities. The algorithm exploits the multipath routing paradigm over LEO and GEO satellites constellation in order to achieve optimum end-to-end QoS of the client-server Internet architecture for HTTP web service, file transfer, video streaming and VoIP applications. The proposed multipath scheduler over the satellite networks advocates load balancing technique based on optimum time-bandwidth in order to accommodate the burst of application traffics. The method tries to balance the bandwidth load and queue length on each link over satellite in order to fulfil the optimum QoS level for each traffic type. Each connection of a traffic type will be routed over a link with the least bandwidth load and queue length at current time in order to avoid congestion state. The multipath routing scheduling decision is based on per connection granularity so that packet reordering at the receiver side could be avoided. The performance evaluation of IP over satellites has been carried out using multiple connections, different file sizes and bit-error-rate (BER) variations to measure the packet delay, loss ratio and throughput.

Y Sheng, H Cruickshank (2008)Security Mechanisms for Delivering Ubiquitous Services in Next Generation Mobile Networks, In: 2008 IEEE 19TH INTERNATIONAL SYMPOSIUM ON PERSONAL, INDOOR AND MOBILE RADIO COMMUNICATIONSpp. 2366-2370
L Liang, Z Sun, Haitham Cruickshank (2005)Relative QoS optimization for multiparty online gaming in DiffServ networks, In: IEEE COMMUNICATIONS MAGAZINE43(5)pp. 75-83 IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC, 445 HOES LANE, PISCATAWAY, NJ 08855 USA

Real-time interactive multimedia multiparty communication is becoming a vital part of modern Internet services. As one of its applications, online gaming attracts a huge group of fans playing over the Internet. It has new requirements for relative QoS. This article gives a brief introduction to these new QoS requirements, and then presents an algorithm to satisfy these requirements in the differentiated services network for client-server-topology-based online gaming services. Our simulation results show that this algorithm can provide optimized relative QoS support for online gaming as an example of multiparty communications.

Haitham Cruickshank, Zhili Sun, BG Evans (2000)THESEUS approach to open stock exchange trading based on Pan-European broadband networks and satellite links, In: GLOBECOM '00: IEEE GLOBAL TELECOMMUNICATIONS CONFERENCE, VOLS 1- 3pp. 1349-1353
Zhili Sun, B Cheng, Haitham Cruickshank, Barry Evans (2000)BISANTE - Traffic evaluation tool for broadband satellite networks, In: COLLECTION OF THE 18TH AIAA INTERNATIONAL COMMUNICATIONS SATELLITE SYSTEMS CONFERENCE AND EXHIBIT, TECHNICAL PAPERS, VOLS 1 AND 2pp. 1090-1097
Y Miao, Zhili Sun, Ning Wang, Haitham Cruickshank (2015)Comparison Studies of MANET-Satellite and MANET-Cellular Networks Integrations, In: 2015 International Conference on Wireless Communications and Signal Processing (WCSP)pp. 1899-1903

A mobile ad hoc network (MANET) is a self-configuring infrastructure-less network. Taking advantage of spontaneous and infrastructure-less behavior, MANET can be integrated with satellite network to provide world-wide communication for emergency and disaster relief services and can also be integrated with cellular network for mobile data offloading. To achieve different purposes, different architecture of integrated system, protocols and mechanisms are designed. For emergency services, ubiquitous and robust communications are of paramount importance. For mobile data offloading services, emphasis is on the amount of offloaded data, limited storage and energy of mobile devices. It is important to study the common features and distinctions of the architecture and service considerations for further research in the two integrated systems. In this paper, we study common issues and distinctions between the two systems in terms of routing protocol, QoS provision, energy efficiency, privacy protection and resource management. The future research can benefit from taking advantage of the similarity of two systems and address the relevant issues.

Z Luo, Zhili Sun, Haitham Cruickshank (2007)Modelling and simulation study of TCP performance with link layer retransmission and fragmentation for satellite-UMTS networks, In: Recent Advances in Modeling and Simulation Tools for Communication Networks and Servicespp. 137-155

Satellite-based Universal Mobile Telecommunications System (S-UMTS) is used to provide all kinds of Transmission Control Protocol/Internet Protocol (TCP/IP) based Internet services for global end users. However, due to the high propagation delay and high bit error rates over satellite links, the TCP performance degrades considerably and affects many qualities of TCP based services. In this work, we focus on studying the TCP performance in S-UMTS using radio link control (RLC) with fragmentation and retransmission mechanisms. Analytical and simulation studies have been carried out to study this cross-layer problem. Two scenarios have been studied, i.e., the satellite operates in either transparent mode or with onboard processor (OBP) mode. The results indicate that the TCP performance can be enhanced substantially by employing the relay function using OBP and appropriate configurations of RLC parameters, thus providing useful information to the design of the next generation communication satellite with onboard processing.

Haitham Cruickshank, S Iyengar, L Fan, Zhili Sun, RJ Mort, M Mezzalla (2008)Secure multicast in the broadband satellite multimedia networks, In: L Fan, H Cruickshank, Z Sun (eds.), IP NETWORKING OVER NEXT-GENERATION SATELLITE SYSTEMSpp. 329-369
Y Chotikapong, Haitham Cruickshank, Zhili Sun, Barry Evans (2000)Network architecture and performance evaluation of broadband satellite systems, In: IEEE INTERNATIONAL CONFERENCE ON NETWORKS 2000 (ICON 2000), PROCEEDINGSpp. 488-488
M Alfares, Zhili Sun, Haitham Cruickshank (2010)Intelligent Automation and Computer Engineering, In: S-I Ao, O Castillo, X Huang (eds.), Intelligent Automation and Computer Engineering(16)pp. 205-216 Springer Verlag

Intelligent Automation and Computer Engineering offers the state of the art of tremendous advances in intelligent automation and computer engineering and also ...

Y Chotikapong, Haitham Cruickshank, Z Sun (2001)Evaluation of TCP and internet traffic via low earth orbit satellites, In: IEEE Personal Communications8(3)pp. 28-34

The prospect of the Internet as the fastest growing satellite communication application coupled with satellite-based multimedia networks has generated a high level of interest in the performance of TCP over satellite systems. This article presents the network architecture for supporting services based on TCP/IP over satellite. It discusses the key factors that influence TCP performance over satellite links, and compares the benefits and disadvantages of low earth orbit and geostationary earth orbit satellites. The article also discusses the feasibility of using LEO satellites to support and expand the Internet. It presents studies of the TCP behavior over a GEO satellite system and LEO satellite constellation based on computer simulations, where two typical Internet applications are taken into consideration: FTP file transfer and Web browsing. The results show that TCP performs much better over the LEO satellite constellation than over the GEO system; even the standard TCP over LEO is better than enhanced TCP over GEO.

HS Cruickshank (2012)An Energy‐Efficient Technique to Combat DOS Attacks in Delay Tolerant Networks, In: G Ansa, Z Sun (eds.), ICST Transactions on Ubiquitous Environments journal12(1-3) ICST

A delay tolerant network is a highly constrained networking environment which is low in resources such as memory, bandwidth and battery power. In opportunistic DTNs, nodes cooperatively forward packets for each other through the carry-store-and-forward paradigm. Opportunistic data forwarding can be abused by an adversary by injecting spurious packets in order to waste the resources of the network. To guard against such attacks, it is important to authenticate packets at intermediate nodes. Packet authentication in itself comes with overheads such as computation cost and energy consumption which can be exploited by an attacker to mount a denial of service attack. We propose the use of light-weight DTN-cookies to protect this vital security service from such malicious exploitation. We show through simulations that our proposed mechanisms can improve network performance and save considerable amount of power even in the presence of attackers.

X Liang, FLC Ong, P Pillai, PML Chan, V Mancuso, G Koltsidas, F-N Pavlidou, L Caviglione, E Ferro, A Gotta, HS Cruickshank, S Iyengar, G Fairhurst (2007)Fusion of digital television, broadband Internet and mobile communications - Part II: Future service scenarios., In: Int. J. Satellite Communications Networking254pp. 409-440
PARYA HAJI MIRZAEE, MOHAMMAD SHOJAFAR, HAMIDREZA BAGHERI, T Chan, HAITHAM SATTAR CRUICKSHANK, RAHIM TAFAZOLLI (2021)A Two-layer Collaborative Vehicle-Edge Intrusion Detection System for Vehicular Communications

With increased wireless connectivity and embedded sensors, vehicles are becoming more intelligent, offering Internet access, telematics, and advanced driver assistance systems. Along with all benefits, connectivity to the public network and automotive control systems introduces new threats and security risks to connected and autonomous driving systems. Therefore, it is highly critical to design robust security mechanisms to protect the system from potential attacks and security vulnerabilities. An intrusion detection system (IDS) is a promising solution to detect and identify attacks and malicious behaviour within the network. This paper proposes a two-layer IDS mechanism that exploits machine learning (ML) solutions for collaborative attack detection between an on-vehicle IDS module and a developed IDS platform at a mobile edge computing (MEC) server. The results illustrate that the proposed solution can significantly reduce communication latency and energy consumption up to 80% while maintaining a high level of detection accuracy.

E Johnson, G Ansa, Haitham Cruickshank, Zhili Sun (2010)Access Control Framework for Delay/Disruption Tolerant Networks., In: K Sithamparanathan, M Marchese, M Ruggieri, I Bisio (eds.), PSATS43pp. 249-264
Haitham Cruickshank, Z Sun, F Carducci, A Sanchez (2001)Analysis of IP voice conferencing over EuroSkyWay satellite system, In: IEE PROCEEDINGS-COMMUNICATIONS148(4)pp. 202-206 IEE-INST ELEC ENG
L Liang, H Cruickshank, Z Sun, C Kulatunga, G Fairhurst (2008)TESLA with FLUTE over satellite networks, In: 2008 IEEE INTERNATIONAL CONFERENCE ON COMMUNICATIONS, PROCEEDINGS, VOLS 1-13pp. 1915-1919
A Lukman, Zhili Sun, HS Cruickshank (2010)End-to-End QoS Evaluation of IP-Diffserv Network over LEO Satellite Constellation, In: K Sithamparanathan, M Marchese, M Ruggieri, I Bisio (eds.), Personal Satellite Services43pp. 99-113

In this paper, we present end-to-end QoS simulation studies on internetworking of remote LAN and long range communications over LEO-Iridium satellites constellation taking SuperJARING network in Malaysia as an example. A macro level network simulation scenario based on actual network topology in Malaysia is implemented as Diffserv network model using the Network Simulator-2 (NS-2). Web traffic (HTTP) is used as the internet traffic models in the simulation analysis. All simulations are carried out in error-free and link-loss environment. In error-free simulations, the accumulative network traffic loads are varied from 20%, 50% and 80% while in link-loss environment simulations only 20% traffic load is used with bit error rate (BER) varied from 1×10⁻⁵, 1×10⁻⁴ and 2×10⁻⁴. The results show clearly that QoS can be achieved with IP Diffserv over satellites constellation like Iridium.

L Liang, Haitham Cruickshank, Zhili Sun (2017)ULE security implementation in PLATINE

Satellites are expected to play an essential role in bridging the “digital divide”; satellite networks are likely to be the only way to provide broadband services to regions that cannot be economically reached by terrestrial networks, in particular the more remote regions of Europe and the rest of the world. Security can be a problem for such global services. This paper presents a link layer security solution and how it is implemented for the Unidirectional Lightweight Encapsulation (ULE). A satellite testbed is constructed where the ULE security implementation is validated. The experimental results are presented in this paper.

Michael Howarth, S Iyengar, Zhili Sun, Haitham Cruickshank (2004)Dynamics of key management in secure satellite multicast, In: IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS22(2)pp. 308-319 IEEE

Security is an important concern in today's information age and particularly so in satellite systems, where eavesdropping can be easily performed. This paper addresses efficient key management for encrypted multicast traffic transmitted via satellite. We consider the topic of encrypting traffic in large multicast groups, where the group size and dynamics have a significant impact on the network load. We consider life cycle key management costs of a multicast connection, and show for a logical key hierarchy (LKH) how member preregistration and periodic admission reduces the initialization cost, and how the optimum outdegree of a hierarchical tree varies with the expected member volatility and rekey factor. This improves network utilization, but encryption at the network layer can pose problems on satellite links. We, therefore, propose and analyze an interworking solution between multilayer Internet protocol security (IPSEC) and LKH that also reduces key management traffic while enabling interworking with performance enhancing modules used on satellite links.

L Fan, Haitham Cruickshank, Z Sun (2008)IP networking over next-generation satellite systems Springer Verlag

In addition, the book covers hot-button issues such as security, architecture improvement, resource allocation, video networking, and service integration.

The approach currently being taken by ETSI (BSM) to standardisation for Multicast PIM-SM protocols is described. This paper describes methods, architectures and adaptations to support IP-multicast services efficiently across IP-based broadband multimedia satellite systems. The final objective is to arrive at a consensus for a standard on this subject.

M Al-Siyabi, HS Cruickshank, Z Sun (2011)DTN QoS metrics and fair resources management model., In: CCECEpp. 704-707
FLC Ong, X Liang, P Pillai, PML Chan, G Koltsidas, F-N Pavlidou, E Ferro, A Gotta, HS Cruickshank, S Iyengar, G Fairhurst, V Mancuso (2007)Fusion of digital television, broadband Internet and mobile communications - Part I: Enabling technologies., In: Int. J. Satellite Communications Networking254pp. 363-407
Y Cao, Ning Wang, Zhili Sun, Haitham Cruickshank (2015)A Reliable and Efficient Encounter-Based Routing Framework for Delay/Disruption Tolerant Networks, In: IEEE SENSORS JOURNAL15(7)pp. 4004-4018 IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC

This paper addresses delay/disruption tolerant networking routing under a highly dynamic scenario, envisioned for communication in vehicular sensor networks (VSNs) suffering from intermittent connection. Here, we focus on the design of a high-level routing framework, rather than the dedicated encounter prediction. Based on an analyzed utility metric to predict nodal encounter, our proposed routing framework considers the following three cases. First, messages are efficiently replicated to a better qualified candidate node, based on the analyzed utility metric related to destination. Second, messages are conditionally replicated if the node with a better utility metric has not been met. Third, messages are probabilistically replicated if the information in relation to destination is unavailable in the worst case. With this framework in mind, we propose two routing schemes covering two major technique branches in literature, namely: 1) encounter-based replication routing and 2) encounter-based spraying routing. Results under the scenario applicable to VSNs show that, in addition to achieving high delivery ratio for reliability, our schemes are more efficient in terms of a lower overhead ratio. Our core investigation indicates that apart from what information to use for encounter prediction, how to deliver messages based on the given utility metric is also important.

G Ansa, Haitham Cruickshank, Zhili Sun (2011)A proactive DOS filter mechanism for delay tolerant networks, In: Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering: Personal Satellite Services71pp. 213-226

Denial of Service (DOS) attacks are a major threat faced by all types of networks. The effect of DOS in a delay tolerant network (DTN) is even more aggravated due to the scarcity of resources. Perpetrators of DOS attacks in DTN-like environments look beyond the objective of rendering a target node useless. The aim of an attacker is to cause a network-wide degradation of resources, service and performance. This can easily be achieved by exhausting node or link resources and partitioning the network. In this paper we seek to provide a proactive approach in making the DTN authentication process robust against DOS. Our aim is to make security protocols which provide mandatory DTN security services resilient to DOS attacks. The overall objective is to make it hard to launch a DOS attack and ensure the availability of DTN services. A DTN-cookie mechanism has been proposed to quickly identify and filter out illegitimate traffic.

Z Sun, HS Cruickshank (2015)Guest Editorial: Security, privacy and trust in future networks and mobile computing., In: J. Inf. Sec. Appl.20(C)pp. 1-2 Journal of Information Security and Applications

With the boom of the Internet, IP-based applications such as WWW and multimedia have become an essential part of our everyday life, and there is an ever-increasing demand for accessing high-speed Internet services anywhere, anytime and all the time. This trend unavoidably has huge impacts on the design of the next-generation future networks. However, security, privacy and trust systems can be obstacles in the presence of global and heterogeneous future networks.

This paper presents the QoS performance evaluation studies of IP over integrated terrestrial and Next Generation Satellite Network (NGSN) for HTTP web, file transfer, video streaming and VoIP applications. We compare the QoS parameters (e.g. delay, loss ratio and throughput) of the multiservice applications over Ka-Sat like satellite and the ITU-R standard Hypothetical Reference Digital Path (HRDP). We model the multiservice applications with multiple connections, different files sizes and connection durations variations. We simulate the network scenario with error model for the transmission loss environment using NS-2. A Differentiated Services (Diffserv) queue interface is used in the terrestrial network to regulate and differentiate the traffic flows while a priority queue is used as the satellite on-board-processing unit (OBP). The results showed a better top-down comparison of the QoS parameters involved in each application service across GEO satellite and the standard terrestrial digital data link.

Haitham Cruickshank, Z Sun (2009)Welcome message from the Technical Program Chairs, In: IWSSC'09 - 2009 International Workshop on Satellite and Space Communications - Conference Proceedings
Haitham Cruickshank, Z Sun (2009)IWSSC 2009 welcome message from the technical program chairs, In: Proceedings of the 2009 6th International Symposium on Wireless Communication Systems, ISWCS'09pp. 40-?
Z Luo, Z Sun, Haitham Cruickshank (2007)TCP throughput enhancement via link layer relay in multi-hop satellite IP networks, In: 2007 INTERNATIONAL WORKSHOP ON SATELLITE AND SPACE COMMUNICATIONS, IWSSC '07, CONFERENCE PROCEEDINGSpp. 104-108
MNM Bhutta, L Liang, Haitham Cruickshank, Zhili Sun, G Fairhurst, C Kulatunga (2009)Integration of TESLA and FLUTE over satellite networks, In: International Workshop on Satellite and Space Communications, 2009. IWSSC 2009.pp. 135-139

Multicast research has explored the security challenges faced in group communications. Multicast transport and multicast security need to work in close collaboration to realise a multicast service. However, there has been comparatively little work to combine the two technologies. In this paper the authors present an example of partially integrating the timed efficient stream loss-tolerant authentication (TESLA) protocol and the file delivery over unidirectional transport (FLUTE) protocol. The security concern raised by the proposed algorithm is analysed for satellite network. The proposed algorithm was implemented on a testbed with multicast tunnel between University of Surrey and University of Aberdeen and the results are presented in this paper.

Haitham Cruickshank, S Iyengar, Michael Howarth, Zhili Sun, F Zeppenfeldt, G Kenny (2003)Secure IP multicast over satellites
Haitham Cruickshank, H Pan, Zhili Sun, Barry Evans, JP Bodin (1998)THESEUS terminal-access to broadband networks for European stock exchanges, In: ELECTRONICS & COMMUNICATION ENGINEERING JOURNAL10(6)pp. 289-296 IEE-INST ELEC ENG
M Ali, L Liang, Zhili Sun, Haitham Cruickshank (2009)FRAMEWORK FOR END-TO-END QOS MEASUREMENT OVER DVB-RCS NETWORK, In: 27th IET and AIAA International Communications Satellite Systems Conference (ICSSC 2009)pp. 211-?

Satellites are popular due to their wide area coverage and for providing connectivity in remote regions of the world. The future development of satellite systems providing services based on the Internet Protocol (IP) needs to be validated on a real satellite network. This paper presents the end-to-end quality of service (QoS) measurements taken at the European Space Agency (ESA) testbed over DVB-RCS infrastructure. The applications chosen for these experiments are file transfer (FTP), web browsing (HTTP), video streaming and P2P file-sharing. File transfer, web browsing and P2P file-sharing require a reliable transport mechanism, as a corrupted bit will hinder intact data delivery. Therefore, these applications use transmission control protocol (TCP) as the transport protocol. TCP involves a three way handshake, which introduces extra delay during data transfer. Video streaming is a real time application, so it is time-sensitive and requires less reliability compared to the other three applications. Hence, it employs user datagram protocol (UDP) at the transport layer, which does not offer any guarantee of reliable data delivery but is fast. The parameters that have been used to evaluate quality of service (QoS) are packet timestamps, file download time, round trip delay, packet sizes and packet loss rate. Also similar applications and results will be measured from a satellite emulation testbed, PLATINE. It is based on the Linux operating system, in which most of the DVB-S and DVB-RCS satellite network functions have been implemented. These functions include network topology configuration, Quality of Service (QoS), Demand Assigned Multiple Access (DAMA), traffic encapsulation using both Asynchronous Transfer Mode (ATM) and ULE/MPEG, satellite network entities configuration and support for both IPv4 and IPv6. The paper concludes with the comparative analysis of the QoS of the applications in both real and emulation environments.

Y Yang, Y Zhou, Zhili Sun, Haitham Cruickshank (2013) Heuristic scheduling algorithms for allocation of virtualized network and computing resources, In: Journal of Software Engineering and Applications 6(1) pp. 1-13 Scientific Research Publishing

Cloud computing technology facilitates computing-intensive applications by providing virtualized resources which can be dynamically provisioned. However, user’s requests are varied according to different applications’ computation ability needs. These applications can be presented as meta-job of user’s demand. The total processing time of these jobs may need data transmission time over the Internet as well as the completed time of jobs to execute on the virtual machine must be taken into account. In this paper, we presented V-heuristics scheduling algorithm for allocation of virtualized network and computing resources under user’s constraint which applied into a service-oriented resource broker for jobs scheduling. This scheduling algorithm takes into account both data transmission time and computation time that related to virtualized network and virtual machine. The simulation results are compared with three different types of heuristic algorithms under conventional network or virtual network conditions such as MCT, Min-Min and Max-Min. We evaluate these algorithms within a simulated cloud environment via an Abilene network topology which is real physical core network topology. These experimental results show that V-heuristic scheduling algorithm achieved significant performance gain for a variety of applications in terms of load balance, Makespan, average resource utilization and total processing time.

MHZ Sun, HS Cruickshank, Z Sun (2014) An Efficient, Scalable Key Transport Scheme (ESKTS) for Delay/Disruption Tolerant Networks, In: Wireless Networks 20(6) pp. 1597-1609 Springer Verlag

In the past, security protocols including key transport protocols are designed with the assumption that there are two parties communicating with each other and an adversary tries to intercept this communication. In Delay/Disruption Tolerant Networking (DTN), packet delivery relies on intermediate parties in the communication path to store and forward the packets. DTN security architecture requires that integrity and authentication should be verified at intermediate nodes as well as at end nodes and confidentiality should be maintained for end communicating parties. This requires new security protocols and key management to be defined for DTN as traditional end-to-end security protocols will not work with DTN. To contribute towards solving this problem, we propose a novel Efficient and Scalable Key Transport Scheme (ESKTS) to transport the symmetric key generated at a DTN node to other communicating body securely using public key cryptography and proxy signatures. It is a unique effort to design a key transport protocol in compliance with DTN architecture. ESKTS ensures that integrity and authentication are achieved at hop-by-hop level as well as end-to-end level. It also ensures end-to-end confidentiality and freshness for end communicating parties. This scheme provides a secure symmetric key transport mechanism based on public key cryptography to exploit the unique bundle buffering characteristics of DTN to reduce communication and computation cost.

L Audah, Zhili Sun, Haitham Cruickshank (2016) End-to-end QoS evaluation of IP over LEO/GEO satellites constellations for FTP, In: Proceedings of 5th International Conference on Signal Processing and Communication Systems

This paper presents studies for the end-to-end QoS of IP over integrated terrestrial and Next Generation Satellite Network (NGSN) using FTP. We compare between LEO and GEO satellites constellations for the QoS parameters (i.e. delay, jitter, loss rate and throughput) of file transfer from a remote server in London and a remote client in Boston. We model the file transfer with multiple connections and file size variation according to Exponential and Pareto distributions respectively. We create the scenario with error model to simulate transmission loss environment using the NS-2 simulation software. A Differentiated Services (Diffserv) queue interface is placed in the server side to regulate the traffic flows across the narrow bandwidth of the satellite links. The results showed the performance evaluation and presented a good comparison of the QoS parameters involved in the data transfer across LEO and GEO satellites systems.

Philip Asuquo, Haitham Cruickshank, Chibueze Pascal Anyigor Ogah, Ao Lei, Zhili Sun (2016) A collaborative trust management scheme for emergency communication using delay tolerant networks, In: Proceedings of the 8th Advanced Satellite Multimedia Systems Conference and the 14th Signal Processing for Space Communications Workshop (ASMS/SPSC), 2016

Delay Tolerant Network (DTN) comprises nodes with small and limited resources including power and memory capacity. We propose the use of DTN as an alternate means of communication for the dissemination of emergency information in a post-disaster evacuation operation. We investigate the performance of DTN in providing emergency communication support services under packet dropping attacks. We consider internally motivated attacks where the nodes that are part of the emergency rescue team are compromised with malicious behaviours thereby dropping packets to disrupt the message dissemination during the evacuation operation. A way to mitigate malicious behaviour and improve network performance of DTN is to use incentives in exchanging information between nodes. Unlike existing schemes, we consider the Basic Watchdog Detection System which detects and acts against misbehaving nodes to reduce their overall impact on the network performance. We design a Collaborative Trust Management Scheme (CTMS) which is based on the Bayesian detection watchdog approach to detect selfish and malicious behaviour in DTN nodes. We have evaluated our proposed CTMS through extensive simulations and compared our results with the other existing schemes. Our evaluations show that the use of adequate collaborative strategies between well behaved nodes could improve the performance of Watchdog schemes taking into account the delivery ratio, routing cost and the message delay from the source node to the destination node.

Y Sheng, HS Cruickshank, M Moseley, J Ashworth (2013) Security Architecture for Satellite Services over Cryptographically Heterogeneous Networks, In: R Dhaou, AL Beylot, MJ Montpetit, D Lucani, L Mucchi (eds.), PERSONAL SATELLITE SERVICES, PSATS 2013123 pp. 102-114
N Ahmad, Haitham Cruickshank, Zhili Sun, M Asif (2011) Pseudonymised Communication in Delay Tolerant Networks pp. 1-6

Privacy, anonymity and pseudonymity are debatable terms which from one angle restrict rights but from another angle open doors for malicious activity. This paper proposes a design for a pseudonymised communication which is an optimal solution for the privacy issues, where the real identity is hidden from the outside world by using blind signature in a different way of group communication. The protocol is deployed and analysed in the extreme environment of Delay Tolerant Networks (DTN), which is an overlay on top of the traditional Internet which provides end to end connectivity and is characterised by long delay and disruption. A telemedicine application of a rural area network is explored to provide source anonymity. The protocol is finally analysed using the Dolev Yao model with two different cases and it preserves the original identity of the node.

Z Luo, Z Sun, Haitham Cruickshank (2007) On-board link layer relay mechanism to enhance TCP in satellite IP networks, In: 2007 16th IST Mobile and Wireless Communications Summit

Transmission Control Protocol (TCP) over satellite IP networks has attracted many researchers' interest for many years because the TCP performance degrades considerably due to the high propagation delay and high bit error rates in satellite links. Many proposals have been produced to enhance TCP performance in satellite IP networks, which mostly involve modifying the system's architecture or the TCP protocol stack. In this paper, we propose a novel on-board link layer relay mechanism. We use both analytical and simulation means to compare the traditional bent-pipe scenario and our on-board link layer relay mechanism. The numerical and simulation results indicate that the TCP performance can be enhanced substantially by employing our on-board link layer relay mechanism.

A Jamalipour, M Marchese, HS Cruickshank, J Neale, SN Verma, AM Bush (2004) Guest editorial - Broadband IP networks via satellites - Part II, In: IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS 22(3) pp. 433-437 IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
Sumaira Johar, Naveed Ahmad, Warda Asher, Haitham Cruickshank, Amad Durrani (2021) Research and Applied Perspective to Blockchain Technology: A Comprehensive Survey, In: Applied sciences 11(14) 6252 Mdpi

Blockchain being a leading technology in the 21st century is revolutionizing each sector of life. Services are being provided and upgraded using its salient features and fruitful characteristics. Businesses are being enhanced by using this technology. Countries are shifting towards digital currencies i.e., an initial application of blockchain application. It omits the need of central authority by its distributed ledger functionality. This distributed ledger is achieved by using a consensus mechanism in blockchain. A consensus algorithm plays a core role in the implementation of blockchain. Any application implementing blockchain uses consensus algorithms to achieve its desired task. In this paper, we focus on provisioning of a comparative analysis of blockchain's consensus algorithms with respect to the type of application. Furthermore, we discuss the development platforms as well as technologies of blockchain. The aim of the paper is to provide knowledge from basic to extensive from blockchain architecture to consensus methods, from applications to development platform, from challenges and issues to blockchain research gaps in various areas.

Carsten Maple, Gregory Epiphaniou, Waleed Hathal, Ugur Ilker Atmaca, Al Tariq Sheik, Haitham Cruickshank, Gregory Falco (2022) The Impact of Message Encryption on Teleoperation for Space Applications, In: 2022 IEEE Aerospace Conference (AERO) 2022- pp. 1-10 IEEE

In-orbit construction and maintenance of large-scale structures such as the International Space Station (ISS) have led to increasing interest in developing effective and efficient teleoperation systems. However, teleoperation requires communication of data between the operator and the operation site which may be subject to cyber-attacks. Cyber security measures such as encryption and hashing can prevent these attacks from being successful; however, these security measures create additional overheads in communications that can impact on the operator's ability to effectively control the operations at a distance. This paper investigates the time delay impact of encryption security controls and presents an analysis of the impact of different encryption algorithms on the communication channel. An awareness of the performance cost of encryption methods allows mission planners to consider the risk of security compromise and balance this against performance costs.

Zhili Sun, Haitham Cruickshank, S Iyengar, Michael Howarth, L Claverotte, J de la Plaza (2002) IP multicast over satellites - technology challenges
Y Cao, Zhili Sun, Ning Wang, Maryam Riaz, Haitham Cruickshank, X Liu (2015) Geographic-Based Spray-and-Relay (GSaR): An efficient routing scheme for DTNs, In: IEEE Transactions on Vehicular Technology 64(4) pp. 1548-1564 IEEE

In this paper, we design and evaluate the proposed geographic-based spray-and-relay (GSaR) routing scheme in delay/disruption-tolerant networks. To the best of our knowledge, GSaR is the first spray-based geographic routing scheme using historical geographic information for making a routing decision. Here, the term spray means that only a limited number of message copies are allowed for replication in the network. By estimating a movement range of destination via the historical geographic information, GSaR expedites the message being sprayed toward this range, meanwhile prevents that away from and postpones that out of this range. As such, the combination of them intends to fast and efficiently spray the limited number of message copies toward this range and effectively spray them within range, to reduce the delivery delay and increase the delivery ratio. Furthermore, GSaR exploits delegation forwarding to enhance the reliability of the routing decision and handle the local maximum problem, which is considered to be the challenges for applying the geographic routing scheme in sparse networks. We evaluate GSaR under three city scenarios abstracted from real world, with other routing schemes for comparison. Results show that GSaR is reliable for delivering messages before the expiration deadline and efficient for achieving low routing overhead ratio. Further observation indicates that GSaR is also efficient in terms of a low and fair energy consumption over the nodes in the network.

N Bhutta, G Ansa, E Johnson, N Ahmad, M AlSiyabi, Haitham Cruickshank (2009) Security analysis for Delay/Disruption Tolerant satellite and sensor Networks pp. 385-389

In the last few years, Delay/Disruption Tolerant Networking has grown to a healthy research topic because of its suitability for challenged environments characterized by heterogeneity, long delay paths and unpredictable link disruptions. This paper presents a DTN security architecture that focuses on the requirements for lightweight key management; lightweight AAA-like architecture for authentication/authorisation; resilience to Denial of Service attacks and user anonymity.

I Melhus, L Fan, F Arnal, C Baudoin, F Nivor, T Gayraud, P Berthout, G Fairhurst, A Fiaschetti, A Pietrabissa, L Pimpinella, L Lei, Haitham Cruickshank, Zhili Sun (2008) Cross-layer Optimization in the Next-generation Broadband Satellite Systems

Next-generation broadband satellite systems will have the capability to provide cost-effective universal broadband access for the users. In order to meet users’ requirements on high quality multimedia services, many enhancements have to be made on the existing satellite technologies. One of the promising methods is the introduction of cross-layer design. There are several advantages of a layered approach since modularity, robustness and ease of design are achieved without difficulty. However, the properties of the different layers have substantial interdependencies and a modularised design may therefore be suboptimal with regard to performance and availability in a hybrid satellite and mobile wireless environment. In this paper, we will carry out a review of the cross-layer design in satellite systems. Based on this, a cross-layer architecture for the next-generation broadband satellite system is proposed. The proposed cross-layer architecture has two main components: QoS and resource management and mobility management. In each component, the cross-layer techniques that have been used are described in detail.

Parya Haji Mirzaee, Mohammad Shojafar, Zahra Pooranian, Pedram Asefy, Haitham Cruickshank, Rahim Tafazolli (2021) FIDS: A Federated Intrusion Detection System for 5G Smart Metering Network, In: 2021 17th International Conference on Mobility, Sensing and Networking (MSN) pp. 215-222 IEEE

In a critical infrastructure such as Smart Grid (SG), providing security of the system and privacy of consumers are significant challenges to be considered. The SG developers adopt Machine Learning (ML) algorithms within the Intrusion Detection System (IDS) to monitor traffic data and network performance. This visibility safeguards the SG from possible intrusions or attacks that may trigger the system. However, it requires access to residents' consumption information which is a severe threat to their privacy. In this paper, we present a novel method to detect abnormalities on a large scale SG while preserving the privacy of users. We design a Federated IDS (FIDS) architecture using Federated Learning (FL) in a 5G environment for the SG metering network. In this way, we design Federated Deep Neural Network (FDNN) model that protects customers' information and provides supervisory management for the whole energy distribution network. Simulation results for a real-time dataset demonstrate the reasonable improvement of the proposed FDNN model compared with the state-of-the-art algorithms. The FDNN achieves approximately 99.5% accuracy, 99.5% precision/recall, and 99.5% f1-score when comparing with classification algorithms.

Parya Haji Mirzaee, Mohammad Shojafar, Haitham Cruickshank, Rahim Tafazolli (2022) CHFL: A Collaborative Hierarchical Federated Intrusion Detection System for Vehicular Networks, In: 2022 27TH IEEE SYMPOSIUM ON COMPUTERS AND COMMUNICATIONS (IEEE ISCC 2022) IEEE

Wireless interfaces, remote control schemes, and increased autonomy have raised the attack surface of vehicular networks. As powerful monitoring entities, intrusion detection systems (IDS) must be updated and customised to respond to emerging networks' requirements. As server-based monitoring schemes were prone to significant privacy concerns, new privacy constrained learning methods such as federated learning (FL) have received considerable attention in designing IDS. However, to alleviate the efficiency and enhance the scalability of the original FL, this paper proposes a novel collaborative hierarchical federated IDS, named CHFL, for the vehicular network. In the CHFL model, a group of vehicles assisted by vehicle-to-everything (V2X) communication technologies can exchange intrusion detection information collaboratively in a private format. Each group nominates a leader, and the leading vehicle serves as the intermediate in the second level detection system of the hierarchical federated model. The leader communicates directly with the server to transmit and receive model updates of its nearby end vehicles. By reducing the number of direct communications to the server, our proposed system reduces network uplink traffic and queuing-processing latency. In addition, CHFL improved the prediction loss and the accuracy of the whole system. We are achieving an accuracy of 99.10% compared with 97.01% accuracy of the original FL.

Zhili Sun, M Ali, L Liang, Haitham Cruickshank (2011) Optimization of SIP Session Setup for VoIP over DVB-RCS Satellite Networks, In: International Journal of Satellite Communications Policy and Management 1(1) pp. 55-76 Inderscience

With the proliferation of the internet, voice over IP has penetrated in both terrestrial and satellite networks. One of the popular protocols responsible for its widespread usage is SIP. SIP is the signalling protocol responsible for the session establishment and termination. By default, it uses UDP as the transport layer protocol. As UDP is an unreliable protocol, the retransmission of the SIP messages is managed by the application layer, using exponential backoff algorithm. In this paper, this retransmission algorithm is studied in satellite environment. Based on the shortcomings of this algorithm, a new algorithm is proposed. The performance of the new algorithm is tested and evaluated on the satellite network testbed at Centre for Communication Systems Research (CCSR), University of Surrey. The results show that the performance of the new algorithm is better than the basic one, in terms of number of retransmissions of SIP messages and their bandwidth consumption, in addition to reduction in call setup time.

M Alshamrani, HS Cruickshank, Z Sun, B Elmasri, V Fami (2013) Evaluation of SIP Signalling and QoS for VoIP over OLSR MANET Routing Protocol., In: D Al-Dabass, A Orsoni, J Yunus, RJ Cant, Z Ibrahim (eds.), UKSim pp. 699-706
Ao Lei, Yue Cao, Shihan Bao, Dasen Li, Philip Asuquo, Haitham Cruickshank, Zhili Sun (2020) A blockchain based certificate revocation scheme for vehicular communication systems, In: Future generation computer systems 110 pp. 892-903 Elsevier B.V

Both the academy and industry believe that Intelligent Transportation System (ITS) would be achievable in one decade since modern vehicle and communication technologies advanced apace. Vehicular Communication System (VCS) introduces information technology to the ITS and aims to improve road safety and traffic efficiency. In recent years, security and privacy schemes in VCS are becoming important. However, recovery mechanisms to eliminate the negative effect of security and privacy attacks are still an important topic for research. Therefore, the certificate revocation scheme is considered as a feasible technique to prevent the system from potential attacks. The major challenge of the certificate revocation scheme is to achieve low-cost operation since the communication resources must be capable of carrying various applications apart from the security and privacy purposes. In this paper, we propose an efficient certificate revocation scheme in VCS. The Blockchain concept is introduced to simplify the network structure and distributed maintenance of the Certificate Revocation List (CRL). The proposed scheme embeds part of the certificate revocation functions within the security and privacy applications, aiming to reduce the communication overhead and shorten the processing time cost. Extensive simulations and analysis show the effectiveness and efficiency of the proposed scheme, in which the Blockchain structure costs fewer network resources and gives a more economic solution against further cybercrime attacks.
• Blockchain based certificate revocation scheme helps to listen to the pseudonym ownership changing and timely updates the certificate revocation lists.
• Certificate revocation lists are broadcasted along with the sharing of blocks which decreases the overheads.
• The scheme can be seamlessly attached to the blockchain based security and privacy schemes.

Muhammad Nasir Mumtaz Bhutta, Haitham Cruickshank, Adnan Nadeem (2020) A Framework for Key Management Architecture for DTN (KMAD): Requirements and Design, In: 2019 International Conference on Advances in the Emerging Computing Technologies (AECT) 9194164 pp. 1-4 IEEE

Key Management in Delay Tolerant Networks (DTN) still remains an unsolved complex problem. Due to peculiar characteristics of DTN, important challenges that make it difficult to design key management architecture are: 1) no systematic requirement analysis is undertaken to define its components, their composition and prescribed functions; and 2) no framework is available for its seamless integration with Bundle Security Protocol (BSP). This paper proposes a Key Management Architecture for DTN (KMAD) to address challenges in DTN key management. The proposed architecture not only provides guidelines for key management in DTN but also caters for seamless integration with BSP. The framework utilizes public key cryptography to provide required security services to enable exchange of keying material, and information about security policy and cipher suites. The framework also supports secure exchange of control and data information in DTNs.

Waleed Hathal, Haitham Cruickshank, Zhili Sun, Carsten Maple (2020) Certificateless and Lightweight Authentication Scheme for Vehicular Communication Networks, In: IEEE transactions on vehicular technology 69(12) 9280431 pp. 16110-16125 IEEE

Reducing the number of road accidents is a key agenda item for governments across the world. This has led to an increase in the amount of attention given to Vehicular Communication Systems (VCS), which are seen as an important technology that can offer significant improvements in road safety. Using VCS, vehicles can form a dynamic self-configuring network that enables a vehicle to communicate with other vehicles (V2V) and roadside infrastructure (V2I). However, such wireless communication channels are vulnerable to attacks, and therefore an authentication scheme for communications should be designed before the deployment. Prior work has focused on utilising digital signature approaches to achieve the security requirements, but due to the special characteristics of VCS, such approaches are not well suited for safety related applications of VCS, since they incur high communication and computation overheads. To combat this issue, we propose a certificateless and lightweight authentication scheme to provide means of secure communications for VCS. In this work we introduce authentication tokens, which replace digital certificates to reduce the burden of certificate management on a Trusted Authority (TA). In addition, the utilisation of tokens ensures that mutual authentication is achieved for V2I communication. Moreover, we employ TESLA as the underlying broadcast authentication protocol to achieve the required security goals for safety message broadcasting. According to the security analysis and extensive simulation of our scheme, the results show that it can withstand various types of attacks. Also it has better performance in terms of verification delay, scalability and communication overhead compared to lightweight authentication schemes that are based on similar techniques. Therefore, the scheme is well suited for VCS.

Gauhar Ali, Naveed Ahmad, Yue Cao, Shahzad Khan, Haitham Cruickshank, Ejaz Ali Qazi, Azaz Ali (2020) xDBAuth: Blockchain Based Cross Domain Authentication and Authorization Framework for Internet of Things, In: IEEE access 89044312 pp. 58800-58816 IEEE

The innovation of ubiquitous and pervasive computing helps service-oriented organizations in the realization of a virtual coalition. The virtual coalition is a set of IoT domains, i.e., smart homes and smart hospitals, that are linked together through communication lines to share resources. Such virtual coalitions need secure cross-domain permission delegation and access control mechanisms. In existing approaches, permission delegation and access control are performed at the resource owner domain or by a single trusted third party. This single trusted third party may fail to work or be compromised. Therefore, it will collapse either the whole system or the security of the system. We propose xDBAuth, a decentralized Blockchain (BC) based permission delegation and access control framework for the Internet of Things (IoT). Also, we proposed a hierarchy of local and global smart contracts that perform permission delegation and access control for both internal and external user/IoT devices. Additionally, the proposed framework preserves an external user's privacy by allowing them to get authentication in their parent IoT domains. During authentication, a Proof-of-Authenticity/Integrity (PoAI) mechanism is used to find and retrieve user/IoT device platform hashes stored on local BC. After successful authentication, BC authorizes the user/IoT device based on the validation of delegation policies stored on BC. We implemented the proposed framework using Node.js. The results show that the proposed xDBAuth is a lightweight framework with less computational overhead. xDBAuth produces high throughput in an environment having a large number of concurrent requests.

Xin Yang, Zhili Sun, Y Miao, Haitham Cruickshank (2016) QoS Routing for MANET and Satellite Hybrid Network to Support Disaster Relives and Management, In: Proceedings of the 2016 IEEE 83rd Vehicular Technology Conference (VTC Spring)

Communication technologies are very important for disaster management. Satellite network’s advantage of large coverage and Mobile Ad hoc Network’s (MANET) advantage of high flexibility could be ideal for disaster management. In this paper, the authors propose a novel scheme for providing reliable wireless communications in disaster sites with a hybrid network of terrestrial MANET and satellite network. In comparison with normal wireless routing approaches, i.e. AODV and AOMDV, the proposed scheme could achieve higher packet delivery ratio, higher throughput and lower delay; meanwhile it could also balance traffic loads at gateways to maximize satellite links’ utilization.

X Yu, P Navaratnam, K Moessner, H Cruickshank (2015) Distributed Resource Reservation in Hybrid MAC With Admission Control for Wireless Mesh Networks, In: IEEE TRANSACTIONS ON VEHICULAR TECHNOLOGY, VOL. 64, NO. 12, DECEMBER 2015
Philip Asuquo, Haitham Cruickshank, J Morley, Chibueze Pascal Anyigor Ogah, Ao Lei, Waleed Hathal, Shihan Bao, Zhili Sun (2018) Security and Privacy in Location-Based Services for Vehicular and Mobile Communications: An Overview, Challenges and Countermeasures, In: IEEE Internet of Things 5(6) pp. 4778-4802 Institute of Electrical and Electronics Engineers (IEEE)

Location-based Services (LBS) have gained popularity as a result of the advances in mobile and communication technologies. LBS provide users with relevant information based on their location. In spite of the desirable features provided by LBS, the geographic location of users is not adequately protected. Location privacy is one of the major challenges in vehicular and mobile networks. In this article, we analyse the security and privacy requirements for LBS in vehicular and mobile networks. Specifically, this paper covers privacy enhancing technologies and cryptographic approaches that provide location privacy in vehicular and mobile networks. The different approaches proposed in literature are compared and open research areas are identified.

Philip Asuquo, Haitham Cruickshank, Chibueze Pascal Anyigor Ogah, Ao Lei, Zhili Sun (2018) A Distributed Trust Management Scheme for Data Forwarding in Satellite DTN Emergency Communications, In: IEEE Journal on Selected Areas in Communications 36(2) pp. 246-256 Institute of Electrical and Electronics Engineers (IEEE)

Satellite Communications can be used when other communication systems are either destroyed or overloaded. Observation satellites and Delay/Disruption Tolerant Networks are technologies that can be interconnected to provide emergency communication for disaster recovery operations. DTNs use a store-carry-forward mechanism to forward messages through intermediary nodes to the destination node. The reliability of relaying messages through multi-hop nodes poses a significant problem in DTNs due to lack of consistent connectivity. These network characteristics make DTNs rely heavily on the cooperation of neighbouring nodes for the successful delivery of packets. However, the presence of malicious or selfish nodes will have a great impact on the network performance. In this paper, we design a decentralised trust management scheme (DTMS) to filter out malicious nodes in DTNs. First, the number of forwarding evidence are combined with the energy consumption rate of the nodes to formulate direct trust. Then, a recommendation trust is computed from the indirect trust, recommendation credibility and recommendation familiarity. Recommendation credibility and familiarity improve the overall recommendation trust by filtering out dishonest recommendations. A comparative analysis of DTMS is performed against a Cooperative Watchdog Scheme (CWS), Recommendation Based Trust Model (RBTM) and Spray & Wait protocol. The results show that DTMS can effectively deal with malicious behaviours in DTNs including trust related attacks.

Haitham Cruickshank, Michael Howarth, S Iyengar, Zhili Sun (2005) A comparison between satellite DVB conditional access and secure IP multicast

Security of satellite data is becoming an important issue. The DVB (TV broadcasting) Conditional Access system used in satellite broadcasting has however been surrounded by controversy for many years due to the spread of counterfeit smart cards, and this paper examines the weaknesses of current DVB-S security. We provide an alternative solution to secure multicast services over satellites using IPSEC and a group key management system called GSAKMP.

Chibueze Pascal Anyigor Ogah, Haitham Cruickshank, Philip Asuquo, Ao Lei, Zhili Sun (2017) Experimental Privacy Analysis and Characterization for Disconnected VANETs, In: Ifiok Otung, Prashant Pillai, George Eleftherakis, Giovanni Giambene (eds.), Wireless and Satellite Systems 186 pp. 119-129

Intelligent Transport Systems (ITS) are special applications of Vehicular Ad-hoc Networks (VANETs) for road safety and efficient traffic management. A major challenge for ITS and VANETs in all its flavours is ensuring the privacy of vehicle drivers and the transmitted location information. One attribute of ITS during its early roll-out stage especially in rural areas and challenged environments is low vehicle density and lack of end-to-end connectivity akin to the attribute of Vehicular Delay Tolerant Networks (VDTNs). This means that contact duration between network entities such as vehicles and road-side units (RSUs) are short-lived. Three popular solutions are the use of pseudonyms, mix-zones, and group communication. Privacy schemes based on the mix-zone technique abound for more conventional VANETs. A critical privacy analysis of such scenarios will be key to the design of privacy techniques for intermittent networks. We are not aware of any work that analyses the privacy problem in intermittent VANETs. In this paper, we add our voice to efforts to characterize the privacy problem in disconnected VANETs.

L Caviglione, N Celandroni, M Collina, Haitham Cruickshank, G Fairhurst, E Ferro, A Gotta, M Luglio, C Roseti, ASA Salam, R Secchi, Zhili Sun, A Vanelli-Coralli (2015) A deep analysis on future web technologies and protocols over broadband GEO satellite networks., In: Int. J. Satellite Communications Networking 33(5)5 pp. 451-472 Wiley

The goal of this work was to understand the direction of the emerging web technologies and to evaluate their expected impact on satellite networking. Different aspects have been analysed using both real satellite testbeds and emulation platforms in different test sites in Europe. This analysis included an evaluation of those HTTP/2.0 specifications, which were implemented and released as open-source code in the experimental release of the SPDY protocol. SPDY performance was evaluated over satellite testbeds in order to understand the expected interaction with performance-enhancing proxies (including scenarios with a SPDY proxy at a satellite gateway), the impact of security and the effect of satellite capacity allocation mechanisms. The analysis also considered the impact of application protocols and the delay induced by end-system networks, such as a satellite-connected WiFi network. Copyright © 2015 John Wiley & Sons, Ltd.

M Al-Siyabi, Haitham Cruickshank, Zhili Sun (2010) Delay/Disruption Tolerant Network Architecture for Aircrafts Datalink on Scheduled Routes., In: K Sithamparanathan, M Marchese, M Ruggieri, I Bisio (eds.), PSATS 43 pp. 235-248
Haitham Cruickshank, Zhili Sun (2000) Analysis of IP voice conferencing over geostationary satellite systems, In: IEEE Colloquium (Digest) (17) pp. 5-10

Satellites are foreseen to be complementary to the future terrestrial networks in deploying multimedia communication systems. The use of Geostationary multi-beams and On-Board Processing (OBP) provides a great opportunity for the speedy deployment of real time services such as IP Voice services over satellites. Voice over IP is a new technology and has the potential to revolutionise telephone communications within the modern enterprise, and promises new integrated services and lower costs. This paper examines the challenges of providing IP telephony, multiparty conference service and using IP multicast to distribute voice conferencing packets over Geostationary satellites. Also this paper analyses the delays in setting/joining audio conferences and proposes to reduce the H.323 signalling messages in order to reduce the audio conference signalling delays.

VHF Tafreshi, HS Cruickshank, Z Sun (2013) Byzantine Robustness for future inter-domain routing security through integrated management plane., In: FD Turck, Y Diao, CS Hong, D Medhi, R Sadre (eds.), IM pp. 820-823
MNM Bhutta, H Cruickshank, J Ashworth, M Moseley (2012) Redesigning of IPSec for interworking with satellite performance enhancing proxies, In: Proceedings of the 2011 6th International ICST Conference on Communications and Networking in China, CHINACOM 2011 pp. 1104-1109

Performance Enhancing Proxies (PEPs) are used in satellite networks for better performance of the TCP/IP applications. Multi-layer IPSec (ML-IPSec) resolves the conflict between end-to-end security in standard IPSec and working of PEPs. This paper presents the concept and detailed design of ML-IPSec by breaking the IP datagram into three zones while enabling the intermediate nodes to access the TCP header and HTTP header information. The paper also presents an efficient interworking scheme between ML-IPSec and secure IP multicast using the Logical Key Hierarchy for key distribution. © 2011 IEEE.

M Annoni, G Boiero, N Salis, Haitham Cruickshank, Michael Howarth, Zhili Sun (2002) Interworking between multi-layer IPSEC and secure multicast services over GEO satellites
N Bhutta, HS Cruickshank (2013) A New Dynamic Multilayer IPSec Protocol, In: 4th International ICST Conference, PSATS 2012 Personal Satellite Services 52 pp. 119-129
Y Miao, Zhili Sun, Ning Wang, Y Cao, Haitham Cruickshank (2016) Time Efficient Data Collection with Mobile Sink and vMIMO Technique in Wireless Sensor Networks, In: IEEE Systems Journal 12(1) pp. 639-647 IEEE

Data collection is a fundamental yet challenging task of Wireless Sensor Networks (WSN) to support a variety of applications, due to the inherent distinguish characteristics for sensor networks, such as limited energy supply, self-organizing deployment and QoS requirements for different applications. Mobile sink and virtual MIMO (vMIMO) techniques can be jointly considered to achieve both time efficient and energy efficient for data collection. In this paper, we aim to minimize the overall data collection latency including both sink moving time and sensor data uploading time. We formulate the problem and propose a multihop weighted revenue (MWR) algorithm to approximate the optimal solution. To achieve the trade-off between full utilization of concurrent uploading of vMIMO and the shortest moving tour of mobile sink, the proposed algorithm combines the amount of concurrent uploaded data, the number of neighbours, and the moving tour length of sink in one metric for polling point selection. The simulation results show that the proposed MWR effectively reduces total data collection latency in different network scenarios with less overall network energy consumption.

S Mirzadeh, H Cruickshank, R Tafazolli (2014) Secure Device Pairing: A Survey, In: IEEE COMMUNICATIONS SURVEYS AND TUTORIALS 16(1) pp. 17-40 IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
N Ahmad, Haitham Cruickshank, Zhili Sun (2010) ID Based Cryptography and Anonymity in Delay/Disruption Tolerant Networks, In: K Sithamparanathan, M Marchese, M Ruggieri, I Bisio (eds.), PSATS pp. 265-275
Guido Dartmann, Anke Schmeink, Volker Lücken, Houbing Song, Martina Ziefle, Giovanni Prestiflippo, Haitham Sattar Cruickshank (2021) Pseudonym Management through Blockchain: Cost-efficient Privacy Preservation on Smart Transportation, In: Smart Transportation pp. 121-150 Taylor & Francis Group
Tianru Li, Zhili Sun, Haitham Cruickshank (2021) The trade-off between the centralized and mobile edge-based cloud solutions for IoT applications, In: Victor Chang, Yongxin Zhu, Hong Yu (eds.), Proceedings of SPIE - The International Society for Optical Engineering 12128121280C pp. 121280C-121280C-9 SPIE

At the beginning of the 2020s, computing is moving into a new phase from a centralized model to a decentralized one. The first shift from centralized computing to decentralized computing in 1980 was due to personal computing, which formed a foundation for the decentralization method. Since mid-2000, the centralized cloud computing has begun its rise to the outstanding position. Driven by the flourishing of IoT, many new issues have arisen, such as unprecedented data volume, latency control, bandwidth efficiency, reliability of service, and sustainability. These issues limit the development of latency-sensitive IoT-based applications such as unmanned autonomous vehicles (UAV), Machine to Machine (M2M) communications. Hence, various emerging edge-based computing models have been proposed to address these issues related to the post-cloud. This paper first reviews the concepts and challenges of cloud computing. It then explores the driving force from IoT technologies and reveals the relationship between the flourish of IoT and the emerging of post-cloud computing. It also compares several fundamental post-cloud paradigms and proposes a new method to meet the challenges using simulation methods. Finally, it concludes the paper and highlights prospects for future research.

Seyed Ahmad Soleymani, Shidrokh Goudarzi, Mohammad Hossein Anisi, Haitham Cruickshank, Anish Jindal, Nazri Kama (2023) TRUTH: Trust and Authentication Scheme in 5G-IIoT, In: IEEE transactions on industrial informatics 19(1) pp. 880-889
Wee Hock Desmond Ng, Zhili Sun, Haitham Cruickshank (2005) Group Key Management with Network Mobility, In: 13th IEEE International Conference on Networks jointly held with the 7th IEEE Malaysia International Conference on Communications, Proceedings 1 and 22 pp. 716-721 Institute of Electrical and Electronics Engineers

Secure multicast communication is important for both wired and wireless applications. For groups with frequent join or depart requests, a distributed architecture that partitions the group members into several areas is preferred. Inside each area, scalable algorithms such as Logical Key Hierarchy (LKH) can be used to update the group key. However, these algorithms do not consider mobile members traveling in a Mobile Network as a whole. In this paper, we proposed two group key management schemes, which treat mobile members traveling in a Mobile Network as a whole. Both schemes try to reduce the communication costs when the Mobile Network moves in or out of the area. Simulation results show significant reduction in communications costs even for small number of mobile members in the Mobile Network.

M Alshamrani, HS Cruickshank, Z Sun, V Fami, B Elmasri, E Danish (2013) Signaling Performance for SIP over IPv6 Mobile Ad-Hoc Network (MANET)., In: ISM pp. 231-236 IEEE Computer Society
David Owens, Shuja Ansari, Haitham Cruickshank, Rahim Tafazolli, Muhammad Ali Imran (2022) Building penetration loss measurements and modelling in the 900 and 2100 MHz band for smart meter installation, In: Frontiers in communications and networks 3

One of the most significant applications of Internet of Things are smart meters with wireless capabilities. Smart gas and electricity meters can capture half-hourly pricing and consumption data and send automated meter readings to your energy provider, in contrast to regular meters that can only register a running total of energy used. However, the legacy regular meters were not installed with wireless connectivity in mind and are usually found in hard-to-reach places for wireless radio coverage. To understand these scenarios, this paper provides signal strength measurements conducted at the Building Research Establishment determining building penetration losses in both 900 and 2,100 MHz band. We then present a building penetration loss model using these measurements that is practical and cost effective when compared to traditional statistical propagation loss models.

S Iyengar, Haitham Cruickshank, L Duquerroy, Zhili Sun, C Baudoin (2008) ULE link layer security for DVB networks, In: L Fan, H Cruickshank, Z Sun (eds.), IP NETWORKING OVER NEXT-GENERATION SATELLITE SYSTEMS pp. 287-308
Y Cao, Zhili Sun, Ning Wang, Haitham Cruickshank, N Ahmad (2013) A reliable and efficient geographic routing scheme for delay/disruption tolerant networks, In: IEEE Wireless Communications Letters 2(6) pp. 603-606

The research in this letter focuses on geographic routing in Delay/Disruption Tolerant Networks (DTNs), by considering sparse network density. We explore the Delegation Forwarding (DF) approach to overcome the limitation of the geometric metric which requires mobile node moving towards destination, with the Delegation Geographic Routing (DGR) proposed. Besides, we handle the local maximum problem of DGR, by considering nodal mobility and message lifetime. Analysis and evaluation results show that DGR overcomes the limitation of the algorithm based on the given geometric metric. By overcoming the limited routing decision and handling the local maximum problem, DGR is reliable for delivering messages before expiration lifetime. Meanwhile, the efficiency of DGR regarding low overhead ratio is contributed by utilizing DF. © 2013 IEEE.

M Noisternig, B Collini-Nocker, P Pillai, L Liang, HS Cruickshank (2009) Transmitter and Receiver Processing Specification for a Unified ULE Security Extension pp. 115-119

The Unidirectional Lightweight Encapsulation (ULE) protocol has been defined for efficient transport of IPv4/6 and other protocols over the MPEG-2 Transport Stream (TS). The proliferation of this technology on the mass market may benefit from a security solution protecting against potential threats such as eavesdropping, as well as masquerading, modification of messages, and replay attacks, similar to 802.11 security. A unified ULE security extension header format has been proposed previously by the authors. This paper discusses in detail the processing required for transmitters and receivers supporting this security extension for ULE.

Haitham Cruickshank, A Sanchez, Z Sun, B Carro (2001) Voice over IP over satellite links, In: ICECS 2001: 8TH IEEE INTERNATIONAL CONFERENCE ON ELECTRONICS, CIRCUITS AND SYSTEMS, VOLS I-III, CONFERENCE PROCEEDINGS pp. 473-476
Haitham Cruickshank, Michael Howarth, S Iyengar, Zhili Sun (2003) Key management and multi-layer IPSEC for satellite multicast
V Heydari Fami Tafreshi, E Ghazisaeedi, Haitham Cruickshank, Zhili Sun (2014) Integrating IPsec within OpenFlow Architecture for Secure Group Communication, In: ZTE Communications Vol. 1(No. 2) pp. 41-49 ZTE Corporation

Network security protocols such as IPsec have been used for many years to ensure robust end-to-end communication and are important in the context of SDN. Despite the widespread installation of IPsec to date, per-packet protection offered by the protocol is not very compatible with OpenFlow and flow-like behavior. OpenFlow architecture cannot aggregate IPsec-ESP flows in transport mode or tunnel mode because layer-3 information is encrypted and therefore unreadable. In this paper, we propose using the Security Parameter Index (SPI) of IPsec within the OpenFlow architecture to identify and direct IPsec flows. This enables IPsec to conform to the packet-based behavior of OpenFlow architecture. In addition, by distinguishing between IPsec flows, the architecture is particularly suited to secure group communication.

M Ali, L Liang, Zhili Sun, Haitham Cruickshank, P Thompson, T Bouquentar, N Alagha (2010) End-to-end QoS Measurement over a DVB-RCS Satellite Network, In: K Sithamparanathan, M Marchese, M Ruggieri, I Bisio (eds.), Personal Satellite Services 43 pp. 130-144

Satellites play an important role in the future network due to their wide area coverage and for providing connectivity in remote regions of the world. This paper presents the end-to-end quality of service (QoS) measurements taken employing a European Space Agency (ESA) testbed over DVB-RCS infrastructure, in collaboration with University of Surrey, UK. The applications chosen for these experiments are file transfer (FTP), web browsing (HTTP) and video streaming. File transfer and web browsing require reliable transport mechanism as a corrupted bit will hinder the intact data delivery. Therefore, these applications use transmission control protocol (TCP) as the transport protocol. TCP involves a three way handshake, which introduces extra delay during data transfer. Video streaming is a real time application. It is time-sensitive and requires lesser reliability compared to FTP and Web services. Hence, it employs user datagram protocol (UDP) at the transport layer, which do not offer any guarantee of reliable data delivery but timely. The parameters that have been used to evaluate quality of service (QoS) are packet delivery time, file download time, round trip delay, packet sizes and packet loss. The paper presented measurement results and comparative analysis of the QoS of the applications over the DVB-RCS testbed.

CPA Ogah, Haitham Cruickshank, Zhili Sun, Philip Asuquo, Ganesh Chandrasekaran, Y Cao, Masoud Al Tawqi (2016) Privacy-Enhanced Group Communication for Vehicular Delay Tolerant Networks, In: K AlBegain, N AlBeiruti (eds.), Proceedings of 2015 9th International Conference on Next Generation Mobile Applications, Services and Technologies pp. 193-198

Vehicular Delay Tolerant Networking (VDTN) is a special instance of Vehicular Ad hoc Networking (VANET) and in particular Delay Tolerant Networking (DTN) that utilizes infrastructure to enhance connectivity in challenged environments. While VANETs assume end-to-end connectivity, DTNs and VDTNs do not. Such networks are characterized by dynamic topology, partitioning due to lack of end-to-end connectivity, and opportunistic encounters between nodes. Notably, VDTNs enhance the capabilities of DTNs to provide support for delay and intermittent connectivity. Hence, they can easily find applicability in the early stages of the deployment of vehicular networks characterized by low infrastructure deployment as is obtainable in rural areas and in military communications. Privacy implementation and evaluation is a major challenge in VDTNs. Group communication has become one of the well discussed means for achieving effective privacy and packet routing in ad hoc networks including VDTNs. However, most existing privacy schemes lack flexibility in terms of the dynamics of group formation and the level of privacy achievable. Again, it is difficult to evaluate privacy for sparse VDTNs for rural area and early stages of deployment. This paper reports on an improved privacy scheme based on group communication scheme in VDTNs. We analyze the performance of our model in terms of trade-off between privacy and performance based on delivery overhead and message delivery ratio using simulations. While this is a work in progress, we report that our scheme has considerable improvement compared to other similar schemes described in literature.

Philip Asuquo, Haitham Cruickshank, Zhili Sun, Ganesh Chandrasekaran (2016) Analysis of DoS Attacks in Delay Tolerant Networks for Emergency Evacuation., In: K Al-Begain, N AlBeiruti (eds.), Proceedings of 2015 9th International Conference on Next Generation Mobile Applications, Services and Technologies pp. 228-233

In the event of a disaster, there is severe damage/destruction to physical infrastructures such as telecommunication and power lines, which results in the disruption of communication in these areas. For such scenarios, Delay Tolerant Network (DTN) provides an alternative means of communication. In Delay Tolerant Networks (DTNs), a message from a source node may be delivered to the destination node despite the non-existence of an infrastructure and an end-to-end connectivity. However DTNs are susceptible to security threats such as DoS attacks targeted at disrupting relayed packets or dropping critical packets during a disaster rescue operation. DoS attacks consist of blackhole, grayhole, wormhole, packet flooding attacks etc. The scope of this paper is to study the impacts of blackhole and packet flooding attacks in a post disaster communication network using DTN. Various performance metrics in DTN have been used to study the impacts of different DoS attacks in DTN and a comprehensive analysis is presented.

M Ali, L Liang, Zhili Sun, Haitham Cruickshank (2009) SIP Signalling and QoS for VoIP over IPv6 DVB-RCS Satellite Networks pp. 419-423

With the rapid development of the Internet, new technologies and applications are emerging. One of the important applications is voice over IP. Satellites are playing an important role to provide VoIP services with their global coverage and onboard processing ability over IP networks. Satellite network environment, generally characterized by large delay and erroneous link, is considered to be unfriendly to VoIP. The performance of VoIP is adversely influenced by these demerits. The performance metrics of VoIP are signaling, bandwidth, delay, jitter and packet loss. Signaling plays a key role in call establishment and rest of the parameters signifies the quality of service (QoS). In this paper, the performance related issues of SIP-based VoIP over current, IPv4, and next generation, IPv6 satellites is studied. A comparative analysis is performed for different voice codecs. The experimentation is carried out on the satellite network testbed at Centre for Communication Systems Research (CCSR) at University of Surrey. The results show that delay, jitter and packet loss are quite comparable for both current and next generation satellites. SIP signaling performs poorly in IPv6 as compared to IPv4. IPv6 can be adapted for VoIP over next generation satellites, but with some modifications for SIP signaling.

Remote Instrumentation Services (RIS) are an important component in PPDR applications, where heterogeneous devices can be present, ranging from measurement instrumentation and environmental sensors to telemedicine equipment. The presence of high disruption and absence of communication infrastructure might represent satellite network the only access possibility to remote areas. This paper focuses on examining the security and networking issues in satellite p2p, remote instrumentation services, and the related PPDR applications; also it highlights the security issues which rise due to high disruption, disconnectivity, and deployment of heterogeneous.

M Ali, L Liang, Z Sun, HS Cruickshank (2010) Evaluation of transport protocols for SIP signaling over IPv6 DVB-RCS satellite networks., In: RCD Lamare, PD Mitchell, M Haardt, YV Zakharov, AG Burr (eds.), ISWCS pp. 800-804
Zhili Sun, Yichao Yang, Yanbao Zhou, Haitham Cruickshank (2016) Agent-Based Resource Management for Mobile Cloud, In: Web-Based Services: Concepts, Methodologies, Tools, and Applications pp. 290-306 IGI Global

Mobile cloud computing is a new computing paradigm to integrate cloud computing technology into the mobile environment. It takes full advantages of cloud computing with great potential to transform a large part of the IT industry. The objectives of mobile cloud computing are to meet user demand, efficiently utilize a pool of resources, including mobile network, storage, and computation resources, and optimize energy on mobile devices. Here, the authors review the current mobile cloud computing technologies, highlight the main issues and challenges for the future development, and focus on resource management. Then, combining the current agent architectures and resource optimization strategies, they present an agent-based resource management to deal with multiple data and computation intensive applications of user demand. The chapter offers a promising solution of selecting the best service provider and efficiently utilizing mobile network resources given the user's request constraint.

Zhili Sun, Michael Howarth, Haitham Cruickshank, S Iyengar, L Claverotte (2003) Networking issues in IP multicast over satellite, In: INTERNATIONAL JOURNAL OF SATELLITE COMMUNICATIONS AND NETWORKING 21(4-5) pp. 489-507

This paper describes the issues that arise when using satellites for IP multicast, with the emphasis on multicast protocols and how their implementation depends on the satellite communications platform. Various link layer standards such as DVB-S, DVB-RCS and ATM can be used in satellites with on-board processing, and applied to meet user and network requirements for IP multicast. The paper provides an overview of the networking issues and their interactions. Specifically, we show how multicast networking protocols have to be modified to take into account the satellite link characteristics: these protocols include IGMP, multicast routing protocols and reliable multicast protocols. We also discuss how security systems support IP multicast.

G Ansa, E Johnson, HS Cruickshank, Z Sun (2010) Mitigating Denial of Service Attacks in Delay-and Disruption-Tolerant Networks., In: K Sithamparanathan, M Marchese, M Ruggieri, I Bisio (eds.), PSATS 43 pp. 221-234
Zhili Sun, T Ors, Haitham Cruickshank, Barry Evans (1996) Implementation of ATM over satellite for broadband services, In: IEEE Colloquium (Digest) (224)

It has been recognised that satellites can play very important role in supporting B-ISDN services based on ATM technology. There have been several projects to exploit ATM over satellite for broadband services since 1992. These include the European RACE II CATALYST project which developed a satellite ATM demonstrator and the EPSRC project which studied the interconnection of Broadband ATM Islands via satellite. In a broadband network environment, ATM over satellite can be used for inter-network connections as transit link and for terminal access as access link. For transit link a small number of earth stations require a high bit rate link. Static bandwidth reservation based on estimated fixed rates provide a simple solution. However for terminal access a large number of terminals require low bit rate links. Since the traffic is expected to have large fluctuations, a dynamic reservation system is a more efficient but complex solution. Dynamic reservation Time Division Multiple Access (TDMA) appears to be the best solutions, as it takes advantage of the flexibility and statistical multiplexing capabilities of ATM and supports all traffic classes. The paper shows that ATM over satellite can implement a flexible and efficient bandwidth resource management mechanisms which allows the satellite link to be configured to meet the requirements of broadband services from low bit rate to high bit rate. © 1996 The Institution of Electrical Engineers. Printed and published by the IEE.

There are a variety of satellite applications that require application intelligence at intermediate devices for their proper functioning e.g. satellite networks using (Performance Enhancing Proxies, PEPs), real time streaming applications like SIP, H.323 and peer-to-peer applications. Interworking between PEPs and security system has been researched in the past. Multi-layer IPSec (ML-IPSec) resolves the conflict between end-to-end security in standard IPSec and working of PEPs. This paper presents the concept and detailed design of ML-IPSec by breaking the IP datagram into three zones while enabling the intermediate nodes to access the TCP header and HTTP header information. The paper also presents an efficient interworking scheme between ML-IPSec and secure IP multicast using the Logical Key Hierarchy for key distribution.

Haitham Cruickshank, L Liang, L Fan, Zhili Sun, S Iyengar, M Mazzella (2008) Link layer security design for IPv6 over satellite DVB networks, In: ICT-MobileSummit 2008 Conference Proceedings

There is growing interest in providing multimedia and broadband access over satellites. However there are several technical challenges that need to be addressed. One challenge is security in terms of understanding threats and providing an effective security system. This paper presents a security solution for the Unidirectional Lightweight Encapsulation (ULE). The security header extensions are presented together with detailed transmitter and receiver processing. Finally, the implementation of this solution is shown over the SATSIX project satellite emulator platform.

HS Cruickshank, RJ Mort, M Berioli (2009) Broadband Satellite Multimedia (BSM) Security Architecture and Interworking with Performance Enhancing Proxies., In: K Sithamparanathan, M Marchese (eds.), PSATS 15 pp. 132-142
A Leung, Y Sheng, HS Cruickshank (2007) The security challenges for mobile ubiquitous services., In: Inf. Sec. Techn. Report 123 pp. 162-171
Haitham Cruickshank, S Iyengar, Michael Howarth, Zhili Sun (2002) Securing satellite communications
Haitham Cruickshank, Zhili Sun, S Velentzas (1997) Securing user, control and management planes in ATM networks, In: HK Pung, LH Ngoh, J Biswas (eds.), NETWORKS: THE NEXT MILLENNINUM - THE IEEE SINGAPORE INTERNATIONAL CONFERENCE ON NETWORKS 1997, IEEE SICON'97 pp. 101-115
H Johnson, Haitham Cruickshank, Zhili Sun (2013) Providing Authentication in Delay/Disruption Tolerant Networking (DTN) Environment, In: 4th International ICST Conference, PSATS 2012, 52 pp. 189-196

DTN environment is characterized by intermittent connectivity, high/variable delay, heterogeneity, high error rate and asymmetric data rate amongst others. These characteristics account for the poor behavior of Internet protocols in this environment. To address these problems, DTN was conceived and designed together with specialized protocols to carry out its services. Its emergence called for a new concept in security that was considered at the design stage. The main aim of this paper is to propose a traditional cryptography based authentication scheme that does not depend on network administrator’s availability during post network authentication communication and facilitates bundle processing by the recipient in the absence of connectivity. In this paper, we present and discuss the system model, the proposed credential and the proposed authentication scheme. A simulation framework is developed for the implementation of the proposed and referenced schemes. From the simulation results, the proposed scheme was observed to be independent of network administrator’s availability during post network authentication communication and facilitates bundle processing in the absence of connectivity.

M Asif, Z Sun, HS Cruickshank (2009) Admission control protocols in mobile ad hoc networks provisioning QoS., In: SA Madani (eds.), FIT pp. 64-64
HS Cruickshank, L Liang, P Pillai, M Noisternig, B Collini-Nocker, G Fairhurst (2013) Unified Link Layer Security Design for IP Encapsulation using Unidirectional Lightweight Encapsulation over Satellites, In: 27th IET and AIAA International Communications Satellite Systems Conference Proceedings pp. 113-?

There is growing interest in providing multimedia and broadband access over satellites. However there are several technical challenges that need to be addressed. One challenge is security in terms of understanding threats and providing an effective security system. Also this paper presents a ULE security solution using ULE mandatory extension headers. The design issues and choices are discussed. The detailed security header format is described together with processing sequence in both transmitter and receiver sides.

R Mort, M Berioli, HS Cruickshank (2017) Network Management Architectures for Broadband

The approach currently being taken by ETSI (BSM) in defining future open standards for network management architecture for IP-based broadband multimedia satellite systems is described. This work has recently begun and the final objective is to arrive at a consensus for an architecture which meets the requirements of compatibility and interworking with external networks (e.g. within the NGN) and is flexible enough to meet different operators needs.

S Mirzadeh, H Cruickshank, R Tafazolli (2008) An efficient key management solution for personal network federations, In: Proceedings - The 2nd International Conference on Mobile Ubiquitous Computing, Systems, Services and Technologies, UBICOMM 2008 pp. 401-406
M Asif, Z Sun, HS Cruickshank, N Ahmad (2011) QoS assurance in MANETs using flow aware admission control - Multipath protocol., In: S Zhong, D Dou, Y Wang (eds.), IPCCC pp. 1-2
Ao Lei, Haitham Cruickshank, Y Cao, Philip Asuquo, Chibueze Pascal Anyigor Ogah, Zhili Sun (2017) Blockchain-Based Dynamic Key Management for Heterogeneous Intelligent Transportation Systems, In: Internet of Things Journal 4(6) pp. 1832-1843 IEEE

As modern vehicle and communication technologies advanced apace, people begin to believe that Intelligent Transportation System (ITS) would be achievable in one decade. ITS introduces information technology to the transportation infrastructures and aims to improve road safety and traffic efficiency. However, security is still a main concern in Vehicular Communication Systems (VCS). This can be addressed through secured group broadcast. Therefore, secure key management schemes are considered as a critical technique for network security. In this paper, we propose a framework for providing secure key management within the heterogeneous network. The security managers (SMs) play a key role in the framework by capturing the vehicle departure information, encapsulating block to transport keys and then executing rekeying to vehicles within the same security domain. The first part of this framework is a novel network topology based on a decentralised blockchain structure. The blockchain concept is proposed to simplify the distributed key management in heterogeneous VCS domains. The second part of the framework uses the dynamic transaction collection period to further reduce the key transfer time during vehicles handover. Extensive simulations and analysis show the effectiveness and efficiency of the proposed framework, in which the blockchain structure performs better in terms of key transfer time than the structure with a central manager, while the dynamic scheme allows SMs to flexibly fit various traffic levels.

L Liang, L Fan, Haitham Cruickshank, Z Sun, C Baudoin, D Barvaux (2008) A ULE security approach for satellite networks on PLATINE test bed, In: 26th AIAA International Communications Satellite Systems Conference, ICSSC
Chibueze Pascal Anyigor Ogah, Haitham Cruickshank, Philip Asuquo, Ao Lei, Zhili Sun (2017) Delay Tolerant Revocation Scheme for Delay Tolerant VANETs (DTRvS), In: Alessandro Piva, Ilenia Tinnirello, Simone Morosi (eds.), Digital Communication. Towards a Smart and Secure Future Internet 766 pp. 143-164 Springer International Publishing

This article discusses an effective revocation scheme for disconnected Delay Tolerant Vehicular Ad hoc Networks (VANETs). Malicious vehicles can exhibit various misbehaviour such as dropping packets due to selfish reasons. Selfishness can be due to the need to conserve limited resources such as energy and bandwidth. This forces vehicles to either drop all or some of the packets they receive. This is particularly obtainable in multi-hop forwarding networks where packets are routed from one vehicle to another towards their destination. When some packets are dropped, the usefulness of the system is not fully realised since it affects the quality of information available to vehicles for making driving decisions such as road manoeuvres. Additionally, packet dropping can degrade the routing efficiency of the system. In extreme cases of misbehaviour, it is important to stop such vehicles from further participation in network communication. One way of achieving this is through revocation. However, it is important to establish mechanisms for identifying such vehicles before blacklisting them for revocation. Our objective here is to address the question of how much we can use a trust-based scheme where vehicles cannot always be expected to follow normal protocols for revocation. Revocation or suspension of misbehaving vehicles is essential to avoid havoc and possible economic damage.

I Melhus, L Fan, Haitham Cruickshank, F Arnal, C Baudoin, F Nivor, T Gayraud, F Rodriguez, A Pietrabissa, L Lei, Z Sun (2008) Cross-layer optimization in the next-generation broadband satellite systems, In: 26th AIAA International Communications Satellite Systems Conference, ICSSC
Y Cao, Z Sun, N Ahmad, H Cruickshank (2012) A Mobility Vector Based Routing Algorithm for Delay Tolerant Networks Using History Geographic Information, In: 2012 IEEE WIRELESS COMMUNICATIONS AND NETWORKING CONFERENCE (WCNC)
Michael Howarth, S Iyengar, Haitham Cruickshank, Zhili Sun (2002) Security systems for multicast data transfer over satellite
L Liang, H Cruickshank, Z Sun, C Kulatunga, G Fairhurst (2010) The Integration of TESLA and FLUTE over Satellite Networks, In: 2010 IEEE GLOBAL TELECOMMUNICATIONS CONFERENCE GLOBECOM 2010
HS Cruickshank (2008) A Link Adaptive Transport Protocol for Multimedia Streaming Applications in Multi Hop Wireless Networks, In: Springer Mobile Networks and Applications pp. 246-258 Springer

Transport layer performance in multi hop wireless networks has been greatly challenged by the intrinsic characteristics of these networks. In particular, the nature of congestion, which is mainly due to medium contention in multi hop wireless networks, challenges the performance of traditional transport protocols in such networks. In this paper, we first study the impact of medium contention on transport layer performance and then propose a new transport protocol for improving quality of service performance in multi hop wireless networks. Our proposed protocol, Link Adaptive Transport Protocol, provides a systemic way of controlling transport layer offered load for multimedia streaming applications, based on the degree of medium contention information received from the network. Simulation results show that the proposed protocol provides an efficient scheme to improve quality of service performance metrics, such as end-to-end delay, jitter, packet loss rate, throughput smoothness and fairness for media streaming applications. In addition, our scheme requires little overhead and does not maintain any per-flow state table at intermediate nodes. This makes it less complex and more cost effective.

G Fairhurst, A Sathiaseelan, HS Cruickshank, C Baudoin (2009) Transport Challenges Facing a Next Generation Hybrid Satellite Internet, In: International Journal of Satellite Communications and Networking (IJSCN)

This paper considers the transport layer implications by assuming a position where satellite networks form one integrated component of a hybrid Internet architecture. It reviews the key role of transport protocols in providing a reliable and robust end-to-end Internet service. A history of TCP protocol evolution from a satellite perspective is followed by focussing on the role of protocol-enhancing proxies in satellite systems and how these have impacted the introduction of new Internet transport techniques. Current transport research issues are identified and related to two new architectural approaches to highlight the expected performance benefits and derive the implications on the design of geostationary satellite Internet systems as the network evolves toward a next-generation Internet.

M Alshamrani, HS Cruickshank, Z Sun, V Fami, B Elmasri (2013) Evaluation of SIP Signalling and QoS for VoIP over MANETs Reactive Routing Protocols., In: NGMAST pp. 105-110 IEEE
Y Sheng, H Cruickshank, AD Pragad, P Pangalos, AH Aghvami (2008) An Integrated QoS, Security and Mobility Framework for Delivering Ubiquitous Services Across All IP-based Networks, In: 2008 IEEE 19TH INTERNATIONAL SYMPOSIUM ON PERSONAL, INDOOR AND MOBILE RADIO COMMUNICATIONS pp. 2371-2375
Haitham Cruickshank, Zhili Sun, Z Fan (2001) Universal serial bus implementation in an integrated access chip for ISDN systems, In: IEE PROCEEDINGS-COMMUNICATIONS 148(4) pp. 207-211 IEE-INST ELEC ENG
VHF Tafreshi, Haitham Cruickshank, Zhili Sun (2014) Architecture for satellite services over cryptographically heterogeneous networks with application into smart grid, In: Proceedings of the 2014 7th Advanced Satellite Multimedia Systems Conference and the 13th Signal Processing for Space Communications Workshop (ASMS/SPSC) pp. 411-418

The rapid growth in the demand for Future Internet services with many emerging group applications has driven the development of satellite, which is the preferred delivery mechanism due to its wide area coverage, multicasting capability and speed to deliver affordable future services. Nevertheless, security has been one of the obstacles for both satellite services as well as smart grid group applications, especially with logical/geographical/cryptographic domains spanning heterogeneous networks and regions. In this paper, adaptive security architecture is implemented to protect satellite services for smart grid group applications. The focus is on key management and policy provisioning. Leveraging Group Domain of Interpretation (GDOI) as the standard for smart grid centralized key/policy management architecture, a single Domain of Interpretation (DOI) is deployed and evaluated critically in terms of the added protocol signaling overhead on the satellite system for a fixed-network scenario. This also partially realizes the growing trend towards the use of TCP/IP technology for smart grid applications.

Y Cao, Zhili Sun, Ning Wang, F Yao, Haitham Cruickshank (2013) Converge-and-diverge: A geographic routing for delay/disruption-tolerant networks using a delegation replication approach, In: IEEE Transactions on Vehicular Technology 62(5) pp. 2339-2343

Routing in delay/disruption-tolerant networks (DTNs) is without the assumption of contemporaneous end-to-end connectivity to relay messages. Geographic routing is an alternative approach using real-time geographic information instead of network topology information. However, if considering the mobility of destination, its real-time geographic information is often unavailable due to sparse network density in DTNs. Using historical geographic information to overcome this problem, we propose the converge-and-diverge (CaD) by combining two routing phases that depend on the proximity to the movement range estimated for destination. The key insight is to promote message replication converging to the edge of this range and diverging to the entire area of this range to achieve fast delivery, given limited message lifetime. Furthermore, the concept of delegation replication (DR) is explored to overcome the limitation of routing decisions and the local maximum problem. Evaluation results under the Helsinki city scenario show an improvement of CaD in terms of delivery ratio, average delivery latency, and overhead ratio. Since geographic routing in DTNs has not received much attention, apart from the design of CaD, our novelty also focuses on exploring DR to overcome the limitation of routing decision and the local maximum problem, in addition to enhancing efficiency, as DR originally intended. © 1967-2012 IEEE.

Michael Howarth, Haitham Cruickshank, Zhili Sun (2001) Unicast and multicast IP error performance over an ATM satellite link, In: IEEE COMMUNICATIONS LETTERS 5(8) pp. 340-342 IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
S Kittiperachol, Zhili Sun, Haitham Cruickshank (2009) Integration of Linux TCP and Simulation: Verification, Validation and Application, In: Journal of Networks 49 pp. 819-836 ACADEMY PUBLISHER

Network simulator has been acknowledged as one of the most flexible means in studying and developing protocol as it allows virtually endless numbers of simulated network environments to be setup and protocol of interest to be fine-tuned without requiring any real-world complicated and costly network experiment. However, depending on researchers, the same protocol of interest can be developed in different ways and different implementations may yield the outcomes that do not accurately capture the dynamics of the real protocol. In the last decade, TCP, the protocol on which the Internet is based, has been extensively studied in order to study and reevaluate its performance particularly when TCP based applications and services are deployed in an emerging Next Generation Network (NGN) and Next Generation Internet (NGI). As a result, to understand the realistic interaction of TCP with new types of networks and technologies, a combination of a real-world TCP and a network simulator seems very essential. This work presents an integration of real-world TCP implementation of Linux TCP/IP network stack into a network simulator, called INET. Moreover, verification and validation of the integrated Linux TCP are performed within INET framework to ensure the validity of the integration. The results clearly confirm that the integrated Linux TCP displays reasonable and consistent dynamics with respect to the behaviors of the real-world Linux TCP. Finally, to demonstrate the application of the INET with Linux TCP extension, algorithms of other Linux TCP variants and their dynamic over a large-bandwidth long-delay network are briefly presented.

S Kittiperachol, Zhili Sun, Haitham Cruickshank (2008) Evaluation of TCP variants and bandwidth on demand over next generation satellite network, In: 2008 International Workshop on Satellite and Space Communications, IWSSC'08, Conference Proceedings pp. 3-7 IEEE

The Internet has become an important part of day to day activities. There is hardly a day without using Internet, such as reading Emails and articles as well as enjoying music and video. Thus, it is very important for the Internet to be provided to anyone anywhere. Terrestrial network has been the underlying infrastructure for the Internet. However, terrestrial network by itself cannot always satisfy all of the growing demands for the Internet, particularly in the remote areas. Thus, the deployment of the Next Generation Satellite Network (NGSN) is needed to fill in the gap and break the digital divide. This paper evaluates the performance of TCP over NGSN with a dynamic bandwidth allocation mechanism. The TCP used in this work is a real-world TCP based on both Linux and Windows Vista implementations which have been integrated into a network simulator, INET. The study reveals that the TCP performances in terms of utilization and robustness, friendliness and fairness, and user's perceived Quality of Service are clearly affected by the dynamic bandwidth allocation mechanism. ©2008 IEEE.

Michael Howarth, S Iyengar, Zhili Sun, Haitham Cruickshank (2004) Dynamics of key management in secure satellite multicast, In: IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS 22(2) pp. 308-319 IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC, 445 HOES LANE, PISCATAWAY, NJ 08855 USA

Security is an important concern in today's information age and particularly so in satellite systems, where eavesdropping can be easily performed. This paper addresses efficient key management for encrypted multicast traffic transmitted via satellite. We consider the topic of encrypting traffic in large multicast groups, where the group size and dynamics have a significant impact on the network load. We consider life cycle key management costs of a multicast connection, and show for a logical key hierarchy (LKH) how member preregistration and periodic admission reduces the initialization cost, and how the optimum outdegree of a hierarchical tree varies with the expected member volatility and rekey factor. This improves network utilization, but encryption at the network layer can pose problems on satellite links. We, therefore, propose and analyze an interworking solution between multilayer Internet protocol security (IPSEC) and LKH that also reduces key management traffic while enabling interworking with performance enhancing modules used on satellite links.

L Ao, C Ogah, Philip Asuquo, Haitham Cruickshank, Zhili Sun (2016) A Secure Key Management Scheme for Heterogeneous Secure Vehicular Communication Systems, In: ZTE Communications 14(S0) pp. 21-31 ZTE Corporation

Intelligent transportation system (ITS) is proposed as the most effective way to improve road safety and traffic efficiency. However, the future of ITS for large scale transportation infrastructures deployment highly depends on the security level of vehicular communication systems (VCS). Therefore, security key management schemes are considered as a critical research topic for network security. In this paper, we propose a framework for providing secure key management within heterogeneous network. The security managers (SMs) play a key role in the framework by retrieving the vehicle departure information, encapsulating block to transport keys and then executing rekeying to vehicles within the same security domain. The first part of this framework is a novel Group Key Management (GKM) scheme based on (LP) of vehicles to depart current VCS region. Vehicle's LP factor is introduced into GKM scheme to achieve a more efficient rekeying scheme and less rekeying costs. The second component of the framework uses the blockchain concept to simplify the distributed key management in heterogeneous VCS domains. Extensive simulations and analysis are provided to show the effectiveness and efficiency of the proposed framework: our GKM results demonstrate that probability-based BR reduces rekeying cost compared to the benchmark scheme, while the blockchain decreases the time cost of key transmission over heterogeneous networks.

MS Al-Fares, Zhili Sun, Haitham Cruickshank (2009) A hierarchical routing protocol for survivability in wireless sensor network (WSN), In: Proceedings of the International MultiConference of Engineers and Computer Scientists 2009 Vol I pp. 262-268

Wireless Sensor Network (WSN) is one of the major research areas in computer network field today. The function of WSN in this paper is to provide sensing services in an unattended harsh environment. Sensed data need to be delivered to the sink and to cope with the network unreliability problem. Few routing protocols take this problem into consideration. It is a great challenge for the hierarchical routing protocol to provide network survivability and redundancy features. In this paper, a short literature review of the existing routing protocols is carried out. Then a novel hierarchical routing protocol, which addresses network survivability and redundancy issues, is introduced. Initial analysis shows promising results of the proposed protocol over LEACH. Finally, conclusion was drawn based on the research and future direction for further research is identified.

WHD Ng, Haitham Cruickshank, Zhili Sun (2006) Scalable balanced batch rekeying for secure group communication, In: COMPUTERS & SECURITY 25(4) pp. 265-273 ELSEVIER ADVANCED TECHNOLOGY, OXFORD FULFILLMENT CENTRE THE BOULEVARD, LANGFORD LANE, KIDLINGTON, OXFORD OX5 1GB, OXON, ENGLAND

Secure group communication is important for applications such as pay-per-view. Other authors have proposed the key tree approach to distribute a shared group key in a way such that the rekeying cost scales linearly with the logarithm of the group size for a join or depart request. The efficiency of the key tree approach depends critically on whether the key tree remains balanced. Periodic rebalancing can be used to balance the key tree whenever it becomes unbalanced but this adds extra costs to the network. In this paper, we present two Merging Algorithms suitable for batch join events. As the multicast session consists of other events as well, we then show how we can extend our algorithms into existing work to minimise the maximum difference in height without adding extra network costs. Simulation results show our Merging Algorithms not only balance the key tree but their rekeying costs are lower compared to existing algorithms. (C) 2006 Elsevier Ltd. All rights reserved.

Y Cao, Haitham Cruickshank, Zhili Sun (2011) Asymmetric spray and multi-forwarding for delay tolerant networks, In: Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering: Personal Satellite Services 71(6) pp. 199-212

The framework of Delay Tolerant Networks (DTNs) has received an extensive attention from academic community because of its application ranging from Wireless Sensor Networks (WSNs) to interplanetary networks. It has a promising future in military affairs, scientific research and exploration. Due to the characteristic of long delay, intermittent connectivity and limited network resource, the traditional routing algorithms do not perform well in DTNs. In this paper, our proposed algorithm is based on an asymmetric spray mechanism combining with the concept of message classes. For each message class, a corresponding forwarding queue is designed and these queues are scheduled according to their priorities. Together with other designed assistant functions, our proposed algorithm outperforms other state of the art algorithms in terms of delivery ratio, overhead ratio, average latency as well as energy consumption.

L Wood, Haitham Cruickshank, Zhili Sun (2017) Supporting group applications via satellite constellations with multicast, In: IEE Conference Publication no.I 451 pp. 190-194

Here, the networking aspects of the broadband satellite constellations are discussed, and the suitability of the constellations for multicast is assessed.

M Al-Fares, Z Sun, HS Cruickshank (2009) A Reliable Multi-hop Hierarchical Routing Protocol in Wireless Sensor Network (WSN)., In: S Latifi (eds.), ITNG pp. 1604-1605

Satellites had been successful in the past due to their wide area coverage and speedy deployment of new services especially in remote regions of Europe and the rest of the world. The future development of broadband satellite systems providing services based on the Internet Protocol (IP) needs to be stimulated by means of common standards. This paper presents the ETSI BSM PEP architecture which includes the satellite terminal and gateway protocol stacks and security configurations for successful PEP implementations

M Alshamrani, Haitham Cruickshank, Zhili Sun (2015) SIP Signaling and QoS for ROHC Based Next Generation MANETs Reactive Routing Protocols, In: Proceedings of the 8th EUROSIM Congress on Modelling and Simulation (EUROSIM 2013) pp. 591-599

This paper presents an evaluation of SIP signaling and voice QoS for SIP based VoIP using GSM voice codec system over IPv6 MANETs with Static and Random mobility models. This evaluation study considered two types of reactive routing protocols, AODV and DSR. The study examined IPv4, IPv6, and Robust Header Compression (ROHC) as a compression/decompression system for IPv6 headers. The evaluation results show that SIP signaling and VoIP traffic are acting poorly over IPv6 even when applying ROHC. In general, AODV has low performance over different types of Random mobility models for MANET nodes, while DSR shows better performance with Static mobility models and bad performance with Random mobility models. When using ROHC for TCP traffic, a level of enhanced performance was shown for SIP based VoIP calls over IPv6 MANET. However, ROHC still has longer delays and poor performance compared with SIP based VoIP over IPv4 MANET. Therefore, the SIP signaling for IPv6 MANET reactive protocols requires further enhancements for SIP/TCP registration and retransmission timers to be able to employ the capabilities of IPv6 and ROHC system for SIP based VoIP and real-time applications over MANET.

LM Audah, Z Sun, HS Cruickshank (2011) QoS Evaluation of HTTP over Satellites., In: CyberC pp. 177-182
S Kittiperachol, Zhili Sun, Haitham Cruickshank (2008) Performance evaluation of on-board QoS support for multiservice applications on the integrated Next Generation Satellite-terrestrial network, In: 2008 4th Advanced Satellite Mobile Systems - Proceedings, ASMS 2008 pp. 311-316

Next Generation Satellite Network (NGSN) possesses unique characteristics: large coverage area, quick deployment, native broadcasting/multicasting capability, multiple spotbeams, high bandwidth and on-board processor (OBP). These features enable NGSN to play an important role in providing ubiquitous global Next Generation Internet (NGI). The original Internet is restricted mainly to terrestrial network and supports only best effort service. NGI is to support multiservice applications with service differentiation and extending Internet access beyond the reach of terrestrial network. Based on the integrated satellite-terrestrial network, a main infrastructure for global ubiquitous Internet is envisaged and Internet applications can be accessed anywhere anytime. However, one of the key successes depends mainly on the capabilities of the satellite OBP. Without it, the preservation of end-to-end (e2e) service differentiation has to be dealt with at ground hub stations, thus increasing e2e delay. This paper studies the impacts of different on-board queueing schemes on the quality of multiservice applications on NGI and suggests that the quality of multiservice applications is generally enhanced if the on-board service differentiation is supported. © 2008 IEEE.

Zhili Sun, Haitham Cruickshank, S Iyengar, Michael Howarth, L Claverotte, R Gomez (2003) IP multicast over satellite