789 research outputs found

    Jointly Optimal Routing and Caching for Arbitrary Network Topologies

    We study a problem of fundamental importance to ICNs, namely, minimizing routing costs by jointly optimizing caching and routing decisions over an arbitrary network topology. We consider both source routing and hop-by-hop routing settings. The respective offline problems are NP-hard. Nevertheless, we show that there exist polynomial time approximation algorithms producing solutions within a constant approximation from the optimal. We also produce distributed, adaptive algorithms with the same approximation guarantees. We simulate our adaptive algorithms over a broad array of different topologies. Our algorithms reduce routing costs by several orders of magnitude compared to prior art, including algorithms optimizing caching under fixed routing. Comment: This is the extended version of the paper "Jointly Optimal Routing and Caching for Arbitrary Network Topologies", appearing in the 4th ACM Conference on Information-Centric Networking (ICN 2017), Berlin, Sep. 26-28, 201

    Alibi framework for identifying reactive jamming nodes in wireless LAN

    Reactive jamming nodes are the nodes of the network that get compromised and become the source of jamming attacks. They are assumed to know any shared secrets and protocols used in the networks. Thus, they can jam very effectively and are very stealthy. We propose a novel approach to identifying the reactive jamming nodes in wireless LAN (WLAN). We rely on the half-duplex nature of nodes: they cannot transmit and receive at the same time. Thus, if a compromised node jams a packet, it cannot guess the content of the jammed packet. More importantly, if an honest node receives a jammed packet, it can prove that it cannot be the one jamming the packet by showing the content of the packet. Such proofs of jammed packets are called "alibis" - the key concept of our approach. In this paper, we present an alibi framework to deal with reactive jamming nodes in WLAN. We propose a concept of alibi-safe topologies on which our proposed identification algorithms are proved to correctly identify the attackers. We further propose a realistic protocol to implement the identification algorithm. The protocol includes a BBC-based timing channel for information exchange under the jamming situation and a similarity hashing technique to reduce the storage and network overhead. The framework is evaluated in a realistic TOSSIM simulation where the simulation characteristics and parameters are based on real traces on our small-scale MICAz test-bed. The results show that in reasonably dense networks, the alibi framework can accurately identify both non-colluding and colluding reactive jamming nodes. Therefore, the alibi approach is a very promising approach to deal with reactive jamming nodes. Published or submitted for publication; not peer reviewe

    Self-stabilizing cluster routing in Manet using link-cluster architecture

    We design a self-stabilizing cluster routing algorithm based on the link-cluster architecture of wireless ad hoc networks. The network is divided into clusters. Each cluster has a single special node, called a clusterhead that contains the routing information about inter and intra-cluster communication. A cluster is comprised of all nodes that choose the corresponding clusterhead as their leader. The algorithm consists of two main tasks. First, the set of special nodes (clusterheads) is elected such that it models the link-cluster architecture: any node belongs to a single cluster, it is within two hops of the clusterhead, it knows the direct neighbor on the shortest path towards the clusterhead, and there exist no two adjacent clusterheads. Second, the routing tables are maintained by the clusterheads to store information about nodes both within and outside the cluster. There are two advantages of maintaining routing tables only in the clusterheads. First, as no two neighboring nodes are clusterheads (as per the link-cluster architecture), there is no need to check the consistency of the routing tables. Second, since all other nodes have significantly less work (they only forward messages), they use much less power than the clusterheads. Therefore, if a clusterhead runs out of power, a neighboring node (that is not a clusterhead) can accept the role of a clusterhead. (Abstract shortened by UMI.)

    Trust-based security for the OLSR routing protocol

    International audience. Trust is always present implicitly in the protocols based on cooperation, in particular, between the entities involved in routing operations in ad hoc networks. Indeed, as the wireless range of such nodes is limited, the nodes mutually cooperate with their neighbors in order to extend the remote nodes and the entire network. In our work, we are interested in trust as a security solution for the OLSR protocol. This approach fits particularly well with the characteristics of ad hoc networks. Moreover, explicit trust management allows entities to reason with and about trust, and to take decisions regarding other entities. In this paper, we detail the techniques and the contributions in trust-based security in OLSR. We present a trust-based analysis of the OLSR protocol using a trust specification language, and we show how trust-based reasoning can allow each node to evaluate the behavior of the other nodes. After the detection of misbehaving nodes, we propose solutions of prevention and countermeasures to resolve the situations of inconsistency, and counter the malicious nodes. We demonstrate the effectiveness of our solution taking different simulated attack scenarios. Our approach brings few modifications and is still compatible with the bare OLSR

    EFFICIENT AND SCALABLE NETWORK SECURITY PROTOCOLS BASED ON LFSR SEQUENCES

    The gap between abstract, mathematics-oriented research in cryptography and the engineering approach of designing practical network security protocols is widening. Network researchers experiment with well-known cryptographic protocols suitable for different network models. On the other hand, researchers inclined toward theory often design cryptographic schemes without considering the practical network constraints. The goal of this dissertation is to address problems in these two challenging areas: building bridges between practical network security protocols and theoretical cryptography. This dissertation presents techniques for building performance-sensitive security protocols, using primitives from linear feedback shift register (LFSR) sequences, for a variety of challenging networking applications. The significant contributions of this thesis are: 1. A common problem faced by large-scale multicast applications, like real-time news feeds, is collecting authenticated feedback from the intended recipients. We design an efficient, scalable, and fault-tolerant technique for combining multiple signed acknowledgments into a single compact one and observe that most signatures (based on the discrete logarithm problem) used in previous protocols do not result in a scalable solution to the problem. 2. We propose a technique to authenticate on-demand source routing protocols in resource-constrained wireless mobile ad-hoc networks. We develop a single-round multisignature that requires no prior cooperation among nodes to construct the multisignature and supports authentication of cached routes. 3. We propose an efficient and scalable aggregate signature, tailored for applications like building efficient certificate chains, authenticating distributed and adaptive content management systems and securing path-vector routing protocols. 4. We observe that blind signatures could form critical building blocks of privacy-preserving accountability systems, where an authority needs to vouch for the legitimacy of a message but the ownership of the message should be kept secret from the authority. We propose an efficient blind signature that can serve as a protocol building block for performance-sensitive accountability systems. All special forms of digital signatures—aggregate, multi-, and blind signatures—proposed in this dissertation are the first to be constructed using LFSR sequences. Our detailed cost analysis shows that for a desired level of security, the proposed signatures outperformed existing protocols in computation cost, number of communication rounds and storage overhead

    ROUTING IN MOBILE AD-HOC NETWORKS: SCALABILITY AND EFFICIENCY

    Mobile Ad-hoc Networks (MANETs) have received considerable research interest in recent years. Because of dynamic topology and limited resources, it is challenging to design routing protocols for MANETs. In this dissertation, we focus on the scalability and efficiency problems in designing routing protocols for MANETs. We design the Way Point Routing (WPR) model for medium to large networks. WPR selects a number of nodes on a route as waypoints and divides the route into segments at the waypoints. Waypoint nodes run a high-level inter-segment routing protocol, and nodes on each segment run a low-level intra-segment routing protocol. We use DSR and AODV as the inter-segment and the intra-segment routing protocols, respectively. We term this instantiation the DSR Over AODV (DOA) routing protocol. We develop Salvaging Route Reply (SRR) to salvage undeliverable route reply (RREP) messages. We propose two SRR schemes: SRR1 and SRR2. In SRR1, a salvor actively broadcasts a one-hop salvage request to find an alternative path to the source. In SRR2, nodes passively learn an alternative path from duplicate route request (RREQ) packets. A salvor uses the alternative path to forward a RREP when the original path is broken. We propose Multiple-Target Route Discovery (MTRD) to aggregate multiple route requests into one RREQ message and to discover multiple targets simultaneously. When a source initiates a route discovery, it first tries to attach its request to existing RREQ packets that it relays. MTRD improves routing performance by reducing the number of regular route discoveries. We develop a new scheme called Bilateral Route Discovery (BRD), in which both source and destination actively participate in a route discovery process. BRD consists of two halves: a source route discovery and a destination route discovery, each searching for the other. BRD has the potential to reduce control overhead by one half. We propose an efficient and generalized approach called Accumulated Path Metric (APM) to support High-Throughput Metrics (HTMs). APM finds the shortest path without collecting topology information and without running a shortest-path algorithm. Moreover, we develop the Broadcast Ordering (BO) technique to suppress unnecessary RREQ transmissions