3 research outputs found

    A mechanism design-based secure architecture for mobile ad hoc networks

    To avoid the single point of failure for the certificate authority (CA) in MANET, a decentralized solution is proposed where nodes are grouped into different clusters. Each cluster should contain at least two confident nodes. One is known as the CA and the other as the register authority (RA). The Dynamic Demilitarized Zone (DDMZ) is proposed as a solution for protecting the CA node against potential attacks. It is formed from one or more RA nodes. The problems of such a model are: (1) Clusters with one confident node, the CA, cannot be created, and thus clusters' sizes are increased, which negatively affects clusters' services and stability. (2) Clusters with a high density of RAs can cause channel collision at the CA. (3) Clusters' lifetimes are reduced since RA monitors are always launched (i.e., resource consumption). In this paper, we propose a model based on mechanism design that will allow clusters with a single trusted node (CA) to be created. Our mechanism will motivate nodes that do not belong to the confident community to participate by giving them incentives in the form of trust, which can be used for the cluster's services. To achieve this goal, an RA selection algorithm is proposed that selects nodes based on a predefined selection criteria function. Finally, empirical results are provided to support our solutions.

    Mechanism design and game theoretical models for intrusion detection

    In this thesis, we study the problems related to intrusion detection systems in Mobile Ad hoc Networks (MANETs). Specifically, we address leader election in the presence of selfish nodes, the tradeoff between security and the IDS's resource consumption, and multi-fragment intrusion detection via sampling. To balance the resource consumption among all the nodes and prolong the lifetime of a MANET, the nodes with the most remaining resources should be elected as the leaders. Selfishness is one of the main problems facing such a model, where nodes can behave selfishly during the election or after. To address this issue, we present a solution based on the theory of mechanism design. More specifically, the solution provides nodes with incentives in the form of reputations to encourage nodes to participate honestly in the election process. The amount of incentives is based on the Vickrey-Clarke-Groves (VCG) mechanism to ensure that truth-telling is the dominant strategy of any node. To catch and punish a misbehaving elected leader, checkers are selected randomly to monitor the behavior of a leader. To reduce the false-positive rate, a cooperative game-theoretic model is proposed to analyze the contribution of each checker to the catch decision. A multi-stage catch mechanism is also introduced to reduce the performance overhead of checkers. Additionally, we propose a series of local election algorithms that lead to globally optimal election results. Note that the leader election model, which is known as the moderate model, is only suitable when the probability of attacks is low. Once the probability of attacks is high, victims should launch their own IDSs. Such a robust model is, however, costly with respect to energy, which leads nodes to die fast. Clearly, to reduce the resource consumption of IDSs and yet keep their effectiveness, a critical issue is: When should we shift from moderate to robust mode? Here, we formalize this issue as a nonzero-sum non-cooperative game-theoretical model that takes into consideration the tradeoff between security and IDS resource consumption. Last but not least, we consider the problem of detecting multi-fragment intrusions that are launched from a MANET targeting another network. To generalize our solution, we consider the intrusion to be launched from any type of network. The detection is accomplished by sampling a subset of the transmitted packets over selected network links or router interfaces. Given a sampling budget, our framework aims at developing a network packet sampling strategy to effectively reduce the success chances of an intruder. Non-cooperative game theory is used to express the problem formally. Finally, empirical results are provided to support our solutions.

    An investigation of mobile ad-hoc network performance with cognitive attributes applied

    Mobile Ad-Hoc Networks (MANETs) are known for their versatility; that is, they are capable of supporting many applications. In addition to this versatility, MANETs are quick to deploy without the need for an existing predefined communications infrastructure. However, although the lack of infrastructure allows for the quick deployment of the data communications network, it adds many factors that hinder packet delivery. Such hindrances occur because of the dynamic topology caused by the mobility of the nodes, which results in link breakages. Routing protocols exist that attempt to refresh available routes; however, this is after link breakages have occurred. The nodes also usually have constrained resources (i.e. energy source and limited bandwidth). This thesis presents a novel approach to network behaviour and management by implementing cognitive attributes in a MANET environment. This allows an application to better meet its mission objectives, decreases the end-to-end delay, and increases packet delivery ratio. The network is able to make observations, consider previous actions and the consequences of those actions, and make changes based on prior knowledge and experience. This work also shows how the network can better utilise limited resources such as bandwidth allocation by applying cognitive attributes. Simulations conducted show promising results and prove that an increase in network performance is possible when a cross-layered approach is adopted and the network is allowed to manage and to 'think' for itself. Various simulations were run with various scenarios, and results are presented without cognition applied, with partial cognition applied and with full cognition applied. A total of 52 simulations were run, and from these the results were compared and contrasted. The analysis shows that cognitive attributes do increase network performance in the majority of applications.