Design & Evaluation of Path-based Reputation System for MANET Routing

Most of the existing reputation systems in mobile ad hoc networks (MANET) consider only node reputations when selecting routes. Reputation and trust are therefore generally ensured within a one-hop distance when routing decisions are made, which often fail to provide the most reliable, trusted route. In this report, we first summarize the background studies on the security of MANET. Then, we propose a system that is based on path reputation, which is computed from reputation and trust values of each and every node in the route. The use of path reputation greatly enhances the reliability of resulting routes. The detailed system architecture and components design of the proposed mechanism are carefully described on top of the AODV (Ad-hoc On-demand Distance Vector) routing protocol. We also evaluate the performance of the proposed system by simulating it on top of AODV. Simulation experiments show that the proposed scheme greatly improves network throughput in the midst of misbehavior nodes while requires very limited message overhead. To our knowledge, this is the first path-based reputation system proposal that may be implemented on top of a non-source based routing scheme such as AODV

Unified architecture of mobile ad hoc network security (MANS) system

In this dissertation, a unified architecture of Mobile Ad-hoc Network Security (MANS) system is proposed, under which IDS agent, authentication, recovery policy and other policies can be defined formally and explicitly, and are enforced by a uniform architecture. A new authentication model for high-value transactions in cluster-based MANET is also designed in MANS system. This model is motivated by previous works but try to use their beauties and avoid their shortcomings, by using threshold sharing of the certificate signing key within each cluster to distribute the certificate services, and using certificate chain and certificate repository to achieve better scalability, less overhead and better security performance. An Intrusion Detection System is installed in every node, which is responsible for colleting local data from its host node and neighbor nodes within its communication range, pro-processing raw data and periodically broadcasting to its neighborhood, classifying normal or abnormal based on pro-processed data from its host node and neighbor nodes. Security recovery policy in ad hoc networks is the procedure of making a global decision according to messages received from distributed IDS and restore to operational health the whole system if any user or host that conducts the inappropriate, incorrect, or anomalous activities that threaten the connectivity or reliability of the networks and the authenticity of the data traffic in the networks. Finally, quantitative risk assessment model is proposed to numerically evaluate MANS security

Security server-based architecture for mobile ad hoc networks

A Mobile Ad hoc Network (MANET) is receiving a great attention by different communities (e.g. military and civil applications) thanks to its self-configuration and self maintenance potential. Securing a MANET is a very critical matter as it is vulnerable to different attacks and also it is characterised with no clear line of defence. Since any security solution relies on a particular trust model, there are different types of trust models that could suit MANETs. This paper present a design of security architecture based on the hybrid trust model. It consists of a set of servers (i.e. a Central authority Server (CAS), Threshold Authority Servers (TASs) and Delegated Authority Servers (DASs)) emulating certification authorities. Our security architecture caters for improving services availability and utilisation. © 2012 IEEE

Manifestation and mitigation of node misbehaviour in adhoc networks

Mobile adhoc network is signified as a boon for advance and future wireless communication system. Owing to its self-establishing network features and decentralization, the system can actually establish a wireless communication with vast range of connectivity with the other nodes. However, the system of MANET is also beheld with various technical impediments owing to its inherent dynamic topologies. Although there are abundant volume of research work, but very few have been able to effectively address the node misbehavior problems in MANET. The paper initially tries to draw a line between different types of nodes in MANETs based on their behavior characteristics, then reviews some of the significant contribution of the prior researches for addressing node misbehavior issues. A major emphasis is laid on is the researches which use game theory as a tool to study and address the misbehavior problems. The manuscript is developed considering some of the latest and standard evidences of past 5 years and finally discusses the open issues related to the problems

Collaborative Caching for efficient and Robust Certificate Authority Services in Mobile Ad-Hoc Networks

Security in Mobile Ad-Hoc Network (MANET) is getting a lot of attention due to its inherent vulnerability to a wide spectrum of attacks. Threats exist in every layer of MANET stack, and different solutions have been adapted for each security problem. Additionally, availability is an important criterion in most MANET solutions, but many security frameworks did not consider it. Public-Key Infrastructure (PKI) is no exception, and its deployment in MANET needs major design and implementation modifications that can fit constraints unique to this environment. Our focus in this dissertation is to adapt and increase the availability of Certificate Authority (CA) services, as a major PKI entity, in MANET. Several attempts have been proposed to deal with the problem of deploying CA in MANET to provide a generic public-key framework, but each either ends up sacrificing system security or availability. Here, the main goal of our work is to provide a solution that addresses performance and security issues of providing MANET-based PKI. Particularly, we would like to maintain the availability of the services provided by CA while keeping the network\u27s packet overhead as low as possible. In this dissertation, we present a MANET-based framework suitable for exchanging public-key certificates by collaborative caching between MANET clients. We show that our system can meet the challenges of providing robust and secure CA services in MANET. Augmented by simulation results, we demonstrate quantitatively the feasibility of our work as we were able to reduce network overhead associated with threshold based CA queries up to 92% as compared to related work in addition to having a very short response time. The dependency on CA servers has been reduced, and the system was able to tolerate as much as two-third inoperative CA servers without noticeable decrease in the service performance

Trust model for certificate revocation in Ad hoc networks

In this paper we propose a distributed trust model for certificate revocation in Adhoc networks. The proposed model allows trust to be built over time as the number of interactions between nodes increase. Furthermore, trust in a node is defined not only in terms of its potential for maliciousness, but also in terms of the quality of the service it provides. Trust in nodes where there is little or no history of interactions is determined by recommendations from other nodes. If the nodes in the network are selfish, trust is obtained by an exchange of portfolios. Bayesian networks form the underlying basis for this model

Efficient signature verification and key revocation using identity based cryptography

Cryptography deals with the development and evaluation of procedures for securing digital information. It is essential whenever multiple entities want to communicate safely. One task of cryptography concerns digital signatures and the verification of a signer’s legitimacy requires trustworthy authentication and authorization. This is achieved by deploying cryptographic keys. When dynamic membership behavior and identity theft come into play, revocation of keys has to be addressed. Additionally, in use cases with limited networking, computational, or storage resources, efficiency is a key requirement for any solution. In this work we present a solution for signature verification and key revocation in constraned environments, e.g., in the Internet of Things (IoT). Where other mechanisms generate expensive overheads, we achieve revocation through a single multicast message without significant computational or storage overhead. Exploiting Identity Based Cryptography (IBC) complements the approach with efficient creation and verification of signatures. Our solution offers a framework for transforming a suitable signature scheme to a so-called Key Updatable Signature Scheme (KUSS) in three steps. Each step defines mathematical conditions for transformation and precise security notions. Thereby, the framework allows a novel combination of efficient Identity Based Signature (IBS) schemes with revocation mechanisms originally designed for confidentiality in group communications. Practical applicability of our framework is demonstrated by transforming four well-established IBS schemes based on Elliptic Curve Cryptography (ECC). The security of the resulting group Identity Based Signature (gIBS) schemes is carefully analyzed with techniques of Provable Security. We design and implement a testbed for evaluating these kind of cryptographic schemes on different computing- and networking hardware, typical for constrained environments. Measurements on this testbed provide evidence that the transformations are practicable and efficient. The revocation complexity in turn is significantly reduced compared to existing solutions. Some of our new schemes even outperform the signing process of the widely used Elliptic Curve Digital Signature Algorithm (ECDSA). The presented transformations allow future application on schemes beyond IBS or ECC. This includes use cases dealing with Post-Quantum Cryptography, where the revocation efficiency is similarly relevant. Our work provides the basis for such solutions currently under investigation.Die Kryptographie ist ein Instrument der Informationssicherheit und beschäftigt sich mit der Entwicklung und Evaluierung von Algorithmen zur Sicherung digitaler Werte. Sie ist für die sichere Kommunikation zwischen mehreren Entitäten unerlässlich. Ein Bestandteil sind digitale Signaturen, für deren Erstellung man kryptographische Schlüssel benötigt. Bei der Verifikation muss zusätzlich die Authentizität und die Autorisierung des Unterzeichners gewährleistet werden. Dafür müssen Schlüssel vertrauensvoll verteilt und verwaltet werden. Wenn sie in Kommunikationssystemen mit häufig wechselnden Teilnehmern zum Einsatz kommen, müssen die Schlüssel auch widerruflich sein. In Anwendungsfällen mit eingeschränkter Netz-, Rechen- und Speicherkapazität ist die Effizienz ein wichtiges Kriterium. Diese Arbeit liefert ein Rahmenwerk, mit dem Schlüssel effizient widerrufen und Signaturen effizient verifiziert werden können. Dabei fokussieren wir uns auf Szenarien aus dem Bereich des Internets der Dinge (IoT, Internet of Things). Im Gegensatz zu anderen Lösungen ermöglicht unser Ansatz den Widerruf von Schlüsseln mit einer einzelnen Nachricht innerhalb einer Kommunikationsgruppe. Dabei fällt nur geringer zusätzlicher Rechen- oder Speicheraufwand an. Ferner vervollständigt die Verwendung von Identitätsbasierter Kryptographie (IBC, Identity Based Cryptography) unsere Lösung mit effizienter Erstellung und Verifikation der Signaturen. Hierfür liefert die Arbeit eine dreistufige mathematische Transformation von geeigneten Signaturverfahren zu sogenannten Key Updatable Signature Schemes (KUSS). Neben einer präzisen Definition der Sicherheitsziele werden für jeden Schritt mathematische Vorbedingungen zur Transformation festgelegt. Dies ermöglicht die innovative Kombination von Identitätsbasierten Signaturen (IBS, Identity Based Signature) mit effizienten und sicheren Mechanismen zum Schlüsselaustausch, die ursprünglich für vertrauliche Gruppenkommunikation entwickelt wurden. Wir zeigen die erfolgreiche Anwendung der Transformationen auf vier etablierten IBSVerfahren. Die ausschließliche Verwendung von Verfahren auf Basis der Elliptic Curve Cryptography (ECC) erlaubt es, den geringen Kapazitäten der Zielgeräte gerecht zu werden. Eine Analyse aller vier sogenannten group Identity Based Signature (gIBS) Verfahren mit Techniken aus dem Forschungsgebiet der Beweisbaren Sicherheit zeigt, dass die zuvor definierten Sicherheitsziele erreicht werden. Zur praktischen Evaluierung unserer und ähnlicher kryptographischer Verfahren wird in dieser Arbeit eine Testumgebung entwickelt und mit IoT-typischen Rechen- und Netzmodulen bestückt. Hierdurch zeigt sich sowohl die praktische Anwendbarkeit der Transformationen als auch eine deutliche Reduktion der Komplexität gegenüber anderen Lösungsansätzen. Einige der von uns vorgeschlagenen Verfahren unterbieten gar die Laufzeiten des meistgenutzten Elliptic Curve Digital Signature Algorithm (ECDSA) bei der Erstellung der Signaturen. Die Systematik der Lösung erlaubt prinzipiell auch die Transformation von Verfahren jenseits von IBS und ECC. Dadurch können auch Anwendungsfälle aus dem Bereich der Post-Quanten-Kryptographie von unseren Ergebnissen profitieren. Die vorliegende Arbeit liefert die nötigen Grundlagen für solche Erweiterungen, die aktuell diskutiert und entwickelt werden

Mobile Ad-Hoc Networks

Being infrastructure-less and without central administration control, wireless ad-hoc networking is playing a more and more important role in extending the coverage of traditional wireless infrastructure (cellular networks, wireless LAN, etc). This book includes state-of-the-art techniques and solutions for wireless ad-hoc networks. It focuses on the following topics in ad-hoc networks: quality-of-service and video communication, routing protocol and cross-layer design. A few interesting problems about security and delay-tolerant networks are also discussed. This book is targeted to provide network engineers and researchers with design guidelines for large scale wireless ad hoc networks