A reputation-based mechanism to mitigate host misbehaviors in DTNs

Delay Tolerant Networking (DTN) is a network paradigm designed for disconnected networks. Message delivery in DTNs relies on the mobility of carriers, hosts that carry messages from a network partition to another. Context-Aware Adaptive Routing (CAR) is a routing protocol for DTNs with the aim to select the carrier with the highest chance of successful message delivery. CAR relies on the assumption that all hosts in the network are collaborative, i.e. that cooperate in the message forwarding process. In real-life environments hosts can not cooperate in such process and endanger communication among partitions. We propose RCAR, a decentralized approach based on reputation aimed to detect and exclude misbehaving hosts from the network. Simulation tests made on a human mobility model show that RCAR increases the message delivery probability of CAR in presence of misbehaving carriers. Delay Tolerant Networking (DTN) è un paradigma di comunicazione progettato per reti caratterizzate da elevati ritardi e frequenti disconnessioni. La comunicazione fra dispositivi posizionati in partizioni di rete differenti avviene sfruttando la mobilità dei cosiddetti carriers, dispositivi che trasportano fisicamente un messaggio da una partizione di rete all'altra per conto di un altro dispositivo. Context-Aware Adaptive Routing (CAR) è un protocollo di routing per DTN che seleziona il carrier avente la più elevata probabilità di corretta consegna di un messaggio. Il corretto funzionamento di CAR fa affidamento sulla collaborazione di tutti i carriers nel processo di consegna di un messaggio. In sistemi reali però i carriers possono non partecipare a tale processo, mettendo quindi a rischio la comunicazione. Questo documento presenta RCAR, un meccanismo di sicurezza basato sul concetto di reputazione volto ad individuare ed escludere i carriers non collaborativi dal processo di consegna dei messaggi. I risultati di simulazioni effettuate utilizzando un modello di mobilità realistico dei dispositivi mostrano come RCAR aumenti la percentuale di messaggi consegnati correttamente rispetto a CAR in presenza di carriers non collaborativi

Managing Shared Access to a Spectrum Commons

The open access, unlicensed or spectrum commons approach to managing shared access to RF spectrum offers many attractive benefits, especially when implemented in conjunction with and as a complement to a regime of marketbased, flexible use, tradable licensed spectrum ([Benkler02], [Lehr04], [Werbach03]). However, as a number of critics have pointed out, implementing the unlicensed model poses difficult challenges that have not been well-addressed yet by commons advocates ([Benjam03], [Faulhab05], [Goodman04], [Hazlett01]). A successful spectrum commons will not be unregulated, but it also need not be command & control by another name. This paper seeks to address some of the implementation challenges associated with managing a spectrum commons. We focus on the minimal set of features that we believe a suitable management protocol, etiquette, or framework for a spectrum commons will need to incorporate. This includes: (1) No transmit only devices; (2) Power restrictions; (3) Common channel signaling; (4) Mechanism for handling congestion and allocating resources among users/uses in times of congestion; (5) Mechanism to support enforcement (e.g., established procedures to verify protocol is in conformance); (6) Mechanism to support reversibility of policy; and (7) Protection for privacy and security. We explain why each is necessary, examine their implications for current policy, and suggest ways in which they might be implemented. We present a framework that suggests a set of design principles for the protocols that will govern a successful commons management regime. Our design rules lead us to conclude that the appropriate Protocols for a Commons will need to be more liquid ([Reed05]) than in the past: (1) Marketbased instead of C&C; (2) Decentralized/distributed; and, (3) Adaptive and flexible (Anonymous, distributed, decentralized, and locally responsive)

Towards a secure cooperation mechanism for Challenging Networks

A Challenging Network (CN) is a network paradigm adapting to the many issues of the environment in order to guarantee the communication among nodes. One of the most important issues of a CN is the problem of secure cooperation among nodes. In fact, an attacker, either internal or external, may constitute a threat for the network. In this work I investigate the problem of secure cooperation in three kinds of CNs: the Underwater Acoustic Net- works (UANs), the Delay Tolerant Networks (DTNs) and the Publish/Subscribe Networks (PSNs). A UAN is a network paradigm allowing communication among underwater nodes equipped with acoustic modems. Since the acoustic channel is an open medium, an attacker conveniently equipped could intercept the messages traversing the network. In this work I describe a cryptographic suite, aimed at protecting the communication among underwater acoustic nodes. A DTN is a network paradigm guaranteeing message delivery even in presence of network partitions. A DTN relies on the implicit assumption that nodes cooperate towards message forwarding. However, this assumption cannot be satisfied when there are malicious nodes acting as blackholes and voluntarily attracting and dropping messages. In this work I propose a reputation-based protocol for contrasting blackholes. A PSN is a network paradigm allowing communication from publishers to subscribers by means of an infrastructure, called Dispatcher. In this work I present a secure PSN conceived to support cooperation be- tween organizations. The service is based on the notion of security group, an overlay composed of brokers representing organizations that guarantees confidentiality and integrity in end-to-end delivery of messages and supports clients mobility

Birep: a reputation scheme to mitigate the effects of black-hole nodes in delay-tolerant internet of vehicles

Delay-tolerant networking (DTN) enables communication in disruptive scenarios where issues such as sparse and intermittent connectivity, long and variable delays, high latency, high error rates, or no end-to-end connectivity exist. Internet of Vehicles (IoV) is a network of the future in which integration between devices, vehicles, and users will be unlimited and universal, overcoming the heterogeneity of systems, services, applications, and devices. Delay-tolerant internet of vehicles (DT-IoV) is emerging and becoming a popular research topic due to the critical applications that can be realized, such as software or map update dissemination. For an IoV to work efficiently, a degree of cooperation between nodes is necessary to deliver messages to their destinations. However, nodes might misbehave and silently drop messages, also known as a black-hole attack, degrading network performance. Various solutions have been proposed to deal with black-hole nodes, but most are centralized or require each node to meet every other node. This paper proposes a decentralized reputation scheme called BiRep that identifies and punishes black-hole nodes in DT-IoV. BiRep is tested on the Prophet routing protocol. Simulation results show excellent performance in all scenarios, comparable or better to other reputation schemes, significantly increasing the delivery ratio of messages

COMITMENT: A Fog Computing Trust Management Approach

none8siAs an extension of cloud computing, fog computing is considered to be relatively more secure than cloud computing due to data being transiently maintained and analyzed on local fog nodes closer to data sources. However, there exist several security and privacy concerns when fog nodes collaborate and share data to execute certain tasks. For example, offloading data to a malicious fog node can result into an unauthorized collection or manipulation of users’ private data. Cryptographic-based techniques can prevent external attacks, but are not useful when fog nodes are already authenticated and part of a networks using legitimate identities. We therefore resort to trust to identify and isolate malicious fog nodes and mitigate security, respectively. In this paper, we present a fog COMputIng Trust manageMENT (COMITMENT) approach that uses quality of service and quality of protection history measures from previous direct and indirect fog node interactions for assessing and managing the trust level of the nodes within the fog computing environment. Using COMITMENT approach, we were able to reduce/identify the malicious attacks/interactions among fog nodes by approximately 66%, while reducing the service response time by approximately 15 s.openAl-khafajiy M.; Baker T.; Asim M.; Guo Z.; Ranjan R.; Longo A.; Puthal D.; Taylor M.Al-khafajiy, M.; Baker, T.; Asim, M.; Guo, Z.; Ranjan, R.; Longo, A.; Puthal, D.; Taylor, M

Security management for mobile ad hoc network of networks (MANoN

Mobile Ad hoc Network of Networks (MANoN) are a group of large autonomous wireless nodes communicating on a peer-to-peer basis in a heterogeneous environment with no pre-defined infrastructure. In fact, each node by itself is an ad hoc network with its own management. MANoNs are evolvable systems, which mean each ad hoc network has the ability to perform separately under its own policies and management without affecting the main system; therefore, new ad hoc networks can emerge and disconnect from the MANoN without conflicting with the policies of other networks. The unique characteristics of MANoN makes such networks highly vulnerable to security attacks compared with wired networks or even normal mobile ad hoc networks. This thesis presents a novel security-management system based upon the Recommendation ITU-T M.3400, which is used to evaluate, report on the behaviour of our MANoN and then support complex services our system might need to accomplish. Our security management will concentrate on three essential components: Security Administration, Prevention and Detection and Containment and Recovery. In any system, providing one of those components is a problem; consequently, dealing with an infrastructure-less MANoN will be a dilemma, yet we approached each set group of these essentials independently, providing unusual solutions for each one of them but concentrating mainly on the prevention and detection category. The contributions of this research are threefold. First, we defined MANoN Security Architecture based upon the ITU-T Recommendations: X.800 and X.805. This security architecture provides a comprehensive, end-to-end security solution for MANoN that could be applied to every wireless network that satisfies a similar scenario, using such networks in order to predict, detect and correct security vulnerabilities. The security architecture identifies the security requirements needed, their objectives and the means by which they could be applied to every part of the MANoN, taking into consideration the different security attacks it could face. Second, realising the prevention component by implementing some of the security requirements identified in the Security Architecture, such as authentication, authorisation, availability, data confidentiality, data integrity and non-repudiation has been proposed by means of defining a novel Security Access Control Mechanism based on Threshold Cryptography Digital Certificates in MANoN. Network Simulator (NS-2) is a real network environment simulator, which is used to test the performance of the proposed security mechanism and demonstrate its effectiveness. Our ACM-MANoN results provide a fully distributed security protocol that provides a high level of secure, available, scalable, flexible and efficient management services for MANoN. The third contribution is realising the detection component, which is represented by providing a Behavioural Detection Mechanism based on nodes behavioural observation engaged with policies. This behaviour mechanism will be used to detect malicious nodes acting to bring the system down. This approach has been validated using an attacks case study in an unknown military environment to cope with misbehaving nodes

Modeling Security and Resource Allocation for Mobile Multi-hop Wireless Neworks Using Game Theory

This dissertation presents novel approaches to modeling and analyzing security and resource allocation in mobile ad hoc networks (MANETs). The research involves the design, implementation and simulation of different models resulting in resource sharing and security’s strengthening of the network among mobile devices. Because of the mobility, the network topology may change quickly and unpredictably over time. Moreover, data-information sent from a source to a designated destination node, which is not nearby, has to route its information with the need of intermediary mobile nodes. However, not all intermediary nodes in the network are willing to participate in data-packet transfer of other nodes. The unwillingness to participate in data forwarding is because a node is built on limited resources such as energy-power and data. Due to their limited resource, nodes may not want to participate in the overall network objectives by forwarding data-packets of others in fear of depleting their energy power. To enforce cooperation among autonomous nodes, we design, implement and simulate new incentive mechanisms that used game theoretic concepts to analyze and model the strategic interactions among rationale nodes with conflicting interests. Since there is no central authority and the network is decentralized, to address the concerns of mobility of selfish nodes in MANETs, a model of security and trust relationship was designed and implemented to improve the impact of investment into trust mechanisms. A series of simulations was carried out that showed the strengthening of security in a network with selfish and malicious nodes. Our research involves bargaining for resources in a highly dynamic ad-hoc network. The design of a new arbitration mechanism for MANETs utilizes the Dirichlet distribution for fairness in allocating resources. Then, we investigated the problem of collusion nodes in mobile ad-hoc networks with an arbitrator. We model the collusion by having a group of nodes disrupting the bargaining process by not cooperating with the arbitrator. Finally, we investigated the resource allocation for a system between agility and recovery using the concept of Markov decision process. Simulation results showed that the proposed solutions may be helpful to decision-makers when allocating resources between separated teams

COMITMENT: A Fog Computing Trust Management Approach

As an extension of cloud computing, fog computing is considered to be relatively more secure than cloud computing due to data being transiently maintained and analyzed on local fog nodes closer to data sources. However, there exist several security and privacy concerns when fog nodes collaborate and share data to execute certain tasks. For example, offloading data to a malicious fog node can results into an unauthorized collection or manipulation of users’ private data. Cryptographic-based techniques can prevent external attacks, but are not useful when fog nodes are already authenticated and part of a networks using legitimate identities. We therefore resort to trust to identify and isolate malicious fog nodes and mitigate security, respectively. In this paper, we present a fog COMputIng Trust manageMENT (COMITMENT) approach that uses quality of service and quality of protection history measures from previous direct and indirect fog node interactions for assessing and managing the trust level of the nodes within the fog computing environment. Using COMITMENT approach, we were able to reduce/identify the malicious attacks/interactions among fog nodes by approximately 66%, while reducing the service response time by approximately 15s

Content Sharing in Mobile Networks with Infrastructure: Planning and Management

This thesis focuses on mobile ad-hoc networks (with pedestrian or vehicular mobility) having infrastructure support. We deal with the problems of design, deployment and management of such networks. A first issue to address concerns infrastructure itself: how pervasive should it be in order for the network to operate at the same time efficiently and in a cost-effective manner? How should the units composing it (e.g., access points) be placed? There are several approaches to such questions in literature, and this thesis studies and compares them. Furthermore, in order to effectively design the infrastructure, we need to understand how and how much it will be used. As an example, what is the relationship between infrastructure-to-node and node-to-node communication? How far away, in time and space, do data travel before its destination is reached? A common assumption made when dealing with such problems is that perfect knowledge about the current and future node mobility is available. In this thesis, we also deal with the problem of assessing the impact that an imperfect, limited knowledge has on network performance. As far as the management of the network is concerned, this thesis presents a variant of the paradigm known as publish-and-subscribe. With respect to the original paradigm, our goal was to ensure a high probability of finding the requested content, even in presence of selfish, uncooperative nodes, or even nodes whose precise goal is harming the system. Each node is allowed to get from the network an amount of content which corresponds to the amount of content provided to other nodes. Nodes with caching capabilities are assisted in using their cache in order to improve the amount of offered conten