Analysis of the security and reliability of packet transmission in Wireless Mesh Networks (WMNs) : a case study of Malicious Packet drop attack

Wireless Mesh Networks (WMNs) are known for possessing good attributes such as low up-front cost, easy network maintenance, and reliable service coverage. This has largely made them to be adopted in various areas such as; school campus networks, community networking, pervasive healthcare, office and home automation, emergency rescue operations and ubiquitous wireless networks. The routing nodes are equipped with self-organized and self-configuring capabilities. The routing mechanisms of WMNs depend on the collaboration of all participating nodes for reliable network performance. However, it has been noted that most routing algorithms proposed for WMNs in the last few years are designed with the assumption that all the participating nodes will collaboratively be involved in relaying the data packets originated from a source to a multi-hop destination. Such design approach exposes WMNs to vulnerability such as malicious packet drop attack. Therefore, it is imperative to design and implement secure and reliable packet routing mechanisms to mitigate this type of attack. While there are works that have attempted to implement secure routing approach, the findings in this research unearthed that further research works are required to improve the existing secure routing in order to provide more secure and reliable packet transmission in WMNs, in the event of denial of service (DoS) attacks such black hole malicious pack drop attack. This study further presents an analysis of the impact of the black hole malicious packet drop attack with other influential factors in WMNs. In the study, NS-3 simulator was used with AODV as the routing protocol. The results show that the packet delivery ratio and throughput of WMN under attack decreases sharply as compared to WMN free from attack

Forwarding fault detection in wireless community networks

Wireless community networks (WCN) are specially vulnerable to routing forwarding failures because of their intrinsic characteristics: use of inexpensive hardware that can be easily accessed; managed in a decentralized way, sometimes by non-expert administrators, and open to everyone; making it prone to hardware failures, misconfigurations and malicious attacks. To increase routing robustness in WCN, we propose a detection mechanism to detect faulty routers, so that the problem can be tackled. Forwarding fault detection can be explained as a 4 steps process: first, there is the need of monitoring and summarizing the traffic observed; then, the traffic summaries are shared among peers, so that evaluation of a router's behavior can be done by analyzing all the relevant traffic summaries; finally, once the faulty nodes have been detected a response mechanism is triggered to solve the issue. The contributions of this thesis focus on the first three steps of this process, providing solutions adapted to Wireless Community Networks that can be deployed without the need of modifying its current network stack. First, we study and characterize the distribution of the error of sketches, a traffic summary function that is resilient to packet dropping, modification and creation and provides better estimations than sampling. We define a random process to describe the estimation for each sketch type, which allows us to provide tighter bounds on the sketch accuracy and choose the size of the sketch more accurately for a set of given requirements on the estimation accuracy. Second, we propose KDet, a traffic summary dissemination and detection protocol that, unlike previous solutions, is resilient to collusion and false accusation without the need of knowing a packet's path. Finally, we consider the case of nodes with unsynchronized clocks and we propose a traffic validation mechanism based on sketches that is capable of discerning between faulty and non-faulty nodes even when the traffic summaries are misaligned, i.e. they refer to slightly different intervals of time.Las redes comunitarias son especialmente vulnerables a errores en la retransmisión de paquetes de red, puesto que están formadas por equipos de gama baja, que pueden ser fácilmente accedidos por extraños; están gestionados de manera distribuida y no siempre por expertos, y además están abiertas a todo el mundo; con lo que de manera habitual presentan errores de hardware o configuración y son sensibles a ataques maliciosos. Para mejorar la robustez en el enrutamiento en estas redes, proponemos el uso de un mecanismo de detección de routers defectuosos, para así poder corregir el problema. La detección de fallos de enrutamiento se puede explicar como un proceso de 4 pasos: el primero es monitorizar el tráfico existente, manteniendo desde cada punto de observación un resumen sobre el tráfico observado; después, estos resumenes se comparten entre los diferentes nodos, para que podamos llevar a cabo el siguiente paso: la evaluación del comportamiento de cada nodo. Finalmente, una vez hemos detectado los nodos maliciosos o que fallan, debemos actuar con un mecanismo de respuesta que corrija el problema. Esta tesis se concentra en los tres primeros pasos, y proponemos una solución para cada uno de ellos que se adapta al contexto de las redes comunitarias, de tal manera que se puede desplegar en ellas sin la necesidad de modificar los sistemas y protocolos de red ya existentes. Respecto a los resumenes de tráfico, presentamos un estudio y caracterización de la distribución de error de los sketches, una estructura de datos que es capaz de resumir flujos de tráfico resistente a la pérdida, manipulación y creación de paquetes y que además tiene mejor resolución que el muestreo. Para cada tipo de sketch, definimos una función de distribución que caracteriza el error cometido, de esta manera somos capaces de determinar con más precisión el tamaño del sketch requerido bajo unos requisitos de falsos positivos y negativos. Después proponemos KDet, un protocolo de diseminación de resumenes de tráfico y detección de nodos erróneos que, a diferencia de protocolos propuestos anteriormente, no require conocer el camino de cada paquete y es resistente a la confabulación de nodos maliciosos. Por último, consideramos el caso de nodos con relojes desincronizados, y proponemos un mecanismo de detección basado en sketches, capaz de discernir entre los nodos erróneos y correctos, aún a pesar del desalineamiento de los sketches (es decir, a pesar del que estos se refieran a momentos de tiempo ligeramente diferentes)

A Unified Wormhole Attack Detection Framework for Mobile Ad hoc Networks

The Internet is experiencing an evolution towards a ubiquitous network paradigm, via the so-called internet-of-things (IoT), where small wireless computing devices like sensors and actuators are integrated into daily activities. Simultaneously, infrastructure-less systems such as mobile ad hoc networks (MANET) are gaining popularity since they provide the possibility for devices in wireless sensor networks or vehicular ad hoc networks to share measured and monitored information without having to be connected to a base station. While MANETs offer many advantages, including self-configurability and application in rural areas which lack network infrastructure, they also present major challenges especially in regard to routing security. In a highly dynamic MANET, where nodes arbitrarily join and leave the network, it is difficult to ensure that nodes are trustworthy for multi-hop routing. Wormhole attacks belong to most severe routing threats because they are able to disrupt a major part of the network traffic, while concomitantly being extremely difficult to detect. This thesis presents a new unified wormhole attack detection framework which is effective for all known wormhole types, alongside incurring low false positive rates, network loads and computational time, for a variety of diverse MANET scenarios. The framework makes three original technical contributions: i) a new accurate wormhole detection algorithm based on packet traversal time and hop count analysis (TTHCA) which identifies infected routes, ii) an enhanced, dynamic traversal time per hop analysis (TTpHA) detection model which is adaptable to node radio range fluctuations, and iii) a method for automatically detecting time measurement tampering in both TTHCA and TTpHA. The thesis findings indicate that this new wormhole detection framework provides significant performance improvements compared to other existing solutions by accurately, efficiently and robustly detecting all wormhole variants under a wide range of network conditions

The Impact of Rogue Nodes on the Dependability of Opportunistic Networks

Opportunistic Networks (OppNets) are an extension to the classical Mobile Ad hoc Networks (MANETs) where the network is not dependent on any infrastructure (e.g. Access Points or centralized administrative nodes). OppNets can be more flexible than MANETs because an end to end path does not exist and much longer delays can be expected. Whereas a Rogue Access Point is typically immobile in the legacy infrastructure based networks and can have considerable impact on the overall connectivity, the research question in this project evaluates how the pattern and mobility of a rogue nodes impact the dependability and overall "Average Latency" in an Opportunistic Network Environment. We have simulated a subset of the mathematical modeling performed in a previous publication in this regard. Ad hoc networks are very challenging to model due to their mobility and intricate routing schemes. We strategically started our research by exploring the evolution of Opportunistic networks, and then implemented the rogue behavior by utilizing The ONE (Opportunistic Network Environment, by Nokia Research Centre) simulator to carry out our research over rogue behavior. The ONE simulator is an open source simulator developed in Java, simulating the layer 3 of the OSI model. The Rogue behavior is implemented in the simulator to observe the effect of rogue nodes. Finally we extracted the desired dataset to measure the latency by carefully simulating the intended behavior, keeping rest of the parameters (e.g. Node Movement Models, Signal Range and Strength, Point of Interest (POI) etc) unchanged. Our results are encouraging, and coincide with the average latency deterioration patterns as modeled by the previous researchers, with a few exceptions. The practical implementation of plug-in in ONE simulator has shown that only a very high degree of rogue nodes impact the latency, making OppNets more resilient and less vulnerable to malicious attacks