39 research outputs found

    A System-Theoretic Clean Slate Approach to Provably Secure Ad Hoc Wireless Networking

    Abstract: Traditionally, wireless network protocols have been designed for performance. Subsequently, as attacks have been identified, patches have been developed. This has resulted in an "arms race" development process of discovering vulnerabilities and then patching them. The fundamental difficulty with this approach is that other vulnerabilities may still exist. No provable security or performance guarantees can ever be provided. We develop a system-theoretic approach to security that provides a complete protocol suite with provable guarantees, as well as proof of min-max optimality with respect to any given utility function of source-destination rates. Our approach is based on a model capturing the essential features of an ad hoc wireless network that has been infiltrated with hostile nodes. We consider any collection of nodes, some good and some bad, possessing specified capabilities vis-a-vis cryptography, wireless communication and clocks. The good nodes do not know the bad nodes. The bad nodes can collaborate perfectly, and are capable of any disruptive acts ranging from simply jamming to non-cooperation with the protocols in any manner they please. The protocol suite caters to the complete life-cycle, all the way from birth of nodes, through all phases of ad hoc network formation, leading to an optimized network carrying data reliably. It provably achieves the min-max of the utility function, where the max is over all protocol suites published and followed by the good nodes, while the min is over all Byzantine behaviors of the bad nodes. Under the protocol suite, the bad nodes do not benefit from any actions other than jamming or cooperating. This approach supersedes much previous work that deals with several types of attacks including wormhole, rushing, partial deafness, routing loops, routing black holes, routing gray holes, and network partition attacks.

    Vampire Attacks: Draining Life from Wireless Ad Hoc Sensor Networks

    A Clean Slate Design for Secure Wireless Ad-Hoc Networks - Part 1: Closed Synchronized Networks

    Abstract: We propose a clean-slate, holistic approach to the design of secure protocols for wireless ad-hoc networks. We design a protocol that enables a collection of distributed nodes to emerge from a primordial birth and form a functioning network. We consider the case when nodes are synchronized and the network is closed, in that no other nodes can join. We define a game between protocols and adversarial nodes, and describe a protocol that is guaranteed to achieve the max-min payoff regardless of what the adversarial nodes do. Moreover, even though the adversarial nodes always know the protocol a priori, we show an even stronger result; the protocol is guaranteed to achieve the min-max payoff. Hence there is a saddle point in the game between protocols and adversarial strategies. Finally, we show that the adversarial nodes are in effect, strategically confined to either jamming or conforming to the protocol. These guarantees are contingent on a set of underlying model assumptions, and cease to be valid if the assumptions are violated.

    Applying Formal Methods to Networking: Theory, Techniques and Applications

    Despite its great importance, modern network infrastructure is remarkable for the lack of rigor in its engineering. The Internet which began as a research experiment was never designed to handle the users and applications it hosts today. The lack of formalization of the Internet architecture meant limited abstractions and modularity, especially for the control and management planes, thus requiring for every new need a new protocol built from scratch. This led to an unwieldy ossified Internet architecture resistant to any attempts at formal verification, and an Internet culture where expediency and pragmatism are favored over formal correctness. Fortunately, recent work in the space of clean slate Internet design---especially, the software defined networking (SDN) paradigm---offers the Internet community another chance to develop the right kind of architecture and abstractions. This has also led to a great resurgence in interest of applying formal methods to specification, verification, and synthesis of networking protocols and applications. In this paper, we present a self-contained tutorial of the formidable amount of work that has been done in formal methods, and present a survey of its applications to networking.
    Comment: 30 pages, submitted to IEEE Communications Surveys and Tutorial

    Exploiting the power of multiplicity: a holistic survey of network-layer multipath

    The Internet is inherently a multipath network: For an underlying network with only a single path, connecting various nodes would have been debilitatingly fragile. Unfortunately, traditional Internet technologies have been designed around the restrictive assumption of a single working path between a source and a destination. The lack of native multipath support constrains network performance even as the underlying network is richly connected and has redundant multiple paths. Computer networks can exploit the power of multiplicity, through which a diverse collection of paths is resource pooled as a single resource, to unlock the inherent redundancy of the Internet. This opens up a new vista of opportunities, promising increased throughput (through concurrent usage of multiple paths) and increased reliability and fault tolerance (through the use of multiple paths in backup/redundant arrangements). There are many emerging trends in networking that signify that the Internet's future will be multipath, including the use of multipath technology in data center computing; the ready availability of multiple heterogeneous radio interfaces in wireless (such as Wi-Fi and cellular) in wireless devices; ubiquity of mobile devices that are multihomed with heterogeneous access networks; and the development and standardization of multipath transport protocols such as multipath TCP. The aim of this paper is to provide a comprehensive survey of the literature on network-layer multipath solutions. We will present a detailed investigation of two important design issues, namely, the control plane problem of how to compute and select the routes and the data plane problem of how to split the flow on the computed paths. The main contribution of this paper is a systematic articulation of the main design issues in network-layer multipath routing along with a broad-ranging survey of the vast literature on network-layer multipathing. We also highlight open issues and identify directions for future work.