Selected Issues of QoS Provision in Heterogenous Military Networks

Tactical ad-hoc networks are evolving today towards complex heterogeneous networks in terms of architecture, protocols and security. Due to the difference in network resources and reliability, end-to-end quality of service provisioning becomes very challenging. If we also take into account communication issues such as unpredictable connectivity, preferential forwarding for special traffic classes, intermittency due to node or communication link failure, the problem is further aggravated.In this article, we examine the major challenges that must be solved in order to provide efficient QoS provisioning in the heterogeneous network. Finally we describe QoS-aware mechanisms for inter-domain and intra-domain heterogeneous networks, also including real-time services provision in highly mobile environments.

Reputation-Based Internet Protocol Security: A Multilayer Security Framework for Mobil Ad Hoc Networks

This research effort examines the theory, application, and results for a Reputation-based Internet Protocol Security (RIPSec) framework that provides security for an ad-hoc network operating in a hostile environment. In RIPSec, protection from external threats is provided in the form of encrypted communication links and encryption-wrapped nodes while internal threats are mitigated by behavior grading that assigns reputations to nodes based on their demonstrated participation in the routing process. Network availability is provided by behavior grading and round-robin multipath routing. If a node behaves faithfully, it earns a positive reputation over time. If a node misbehaves (for any number of reasons, not necessarily intentional), it earns a negative reputation. Each member of the MANET has its own unique and subjective set of Reputation Indexes (RI) that enumerates the perceived reputation of the other MANET nodes. Nodes that desire to send data will eliminate relay nodes they perceive to have a negative reputation during the formulation of a route. A 50-node MANET is simulated with streaming multimedia and varying levels of misbehavior to determine the impact of the framework on network performance. Results of this research were very favorable. Analysis of the simulation data shows the number of routing errors sent in a MANET is reduced by an average of 52% when using RIPSec. The network load is also reduced, decreasing the overall traffic introduced into the MANET and permitting individual nodes to perform more work without overtaxing their limited resources. Finally, throughput is decreased due to larger packet sizes and longer round trips for packets to traverse the MANET, but is still sufficient to pass traffic with high bandwidth requirements (i.e., video and imagery) that is of interest in military networks

Authentication in Protected Core Networking

Protected Core Networking (PCN) is a concept that aims to increase information sharing between nations in coalition military operations. PCN specifies the interconnection of national transport networks, called Protected Core Segments (PCSs), to a federated transport network called Protected Core (PCore). PCore is intended to deliver high availability differentiated transport services to its user networks, called Colored Clouds (CCs). To achieve this goal, entity authentication of all connecting entities is specified as a protective measure. In resource constrained environments, the distribution of service policy can be challenging. That is, which transport services are associated with a given entity. The thesis proposes two new and original protocols where CCs push service policy to the network by performing authentication based on attributes. Using identity-based signatures, attributes constituting a service policy are used directly for an entity's identity, and no external mechanism linking identity and policy is needed. For interoperability, the idea has been incorporated into PKINIT Kerberos and symmetric key Kerberos by carrying the authorized attributes within tickets. The proposed protocols are formally verified in the symbolic model using scyther-proof. The experiment shows that both CCs, and PCSs achieve greater assurance on agreed attributes, and hence on expected service delivery. A CC and a visiting PCS are able to negotiate, and agree on the expected service depending on the situation. The proposed solution provides benefits to CCs on expected service when connecting to a visiting PCS, with poor connectivity to the home PCS. In that respect, interconnection of entities with little pre-established relationship is simplified, and hence fulfillment of the PCN concept is facilitated

Airborne Directional Networking: Topology Control Protocol Design

This research identifies and evaluates the impact of several architectural design choices in relation to airborne networking in contested environments related to autonomous topology control. Using simulation, we evaluate topology reconfiguration effectiveness using classical performance metrics for different point-to-point communication architectures. Our attention is focused on the design choices which have the greatest impact on reliability, scalability, and performance. In this work, we discuss the impact of several practical considerations of airborne networking in contested environments related to autonomous topology control modeling. Using simulation, we derive multiple classical performance metrics to evaluate topology reconfiguration effectiveness for different point-to-point communication architecture attributes for the purpose of qualifying protocol design elements

Journal of Telecommunications and Information Technology, 2008, nr 2

kwartalni

An Investigation into Trust and Reputation Frameworks for Autonomous Underwater Vehicles

As Autonomous Underwater Vehicles (AUVs) become more technically capable and economically feasible, they are being increasingly used in a great many areas of defence, commercial and environmental applications. These applications are tending towards using independent, autonomous, ad-hoc, collaborative behaviour of teams or fleets of these AUV platforms. This convergence of research experiences in the Underwater Acoustic Network (UAN) and Mobile Ad-hoc Network (MANET) fields, along with the increasing Level of Automation (LOA) of such platforms, creates unique challenges to secure the operation and communication of these networks. The question of security and reliability of operation in networked systems has usually been resolved by having a centralised coordinating agent to manage shared secrets and monitor for misbehaviour. However, in the sparse, noisy and constrained communications environment of UANs, the communications overheads and single-point-of-failure risk of this model is challenged (particularly when faced with capable attackers). As such, more lightweight, distributed, experience based systems of “Trust” have been proposed to dynamically model and evaluate the “trustworthiness” of nodes within a MANET across the network to prevent or isolate the impact of malicious, selfish, or faulty misbehaviour. Previously, these models have monitored actions purely within the communications domain. Moreover, the vast majority rely on only one type of observation (metric) to evaluate trust; successful packet forwarding. In these cases, motivated actors may use this limited scope of observation to either perform unfairly without repercussions in other domains/metrics, or to make another, fair, node appear to be operating unfairly. This thesis is primarily concerned with the use of terrestrial-MANET trust frameworks to the UAN space. Considering the massive theoretical and practical difference in the communications environment, these frameworks must be reassessed for suitability to the marine realm. We find that current single-metric Trust Management Frameworks (TMFs) do not perform well in a best-case scaling of the marine network, due to sparse and noisy observation metrics, and while basic multi-metric communications-only frameworks perform better than their single-metric forms, this performance is still not at a reliable level. We propose, demonstrate (through simulation) and integrate the use of physical observational metrics for trust assessment, in tandem with metrics from the communications realm, improving the safety, security, reliability and integrity of autonomous UANs. Three main novelties are demonstrated in this work: Trust evaluation using metrics from the physical domain (movement/distribution/etc.), demonstration of the failings of Communications-based Trust evaluation in sparse, noisy, delayful and non-linear UAN environments, and the deployment of trust assessment across multiple domains, e.g. the physical and communications domains. The latter contribution includes the generation and optimisation of cross-domain metric composition or“synthetic domains” as a performance improvement method

Securing Data Dissemination in Vehicular ad hoc Networks

Vehicular ad hoc networks (VANETs) are a subclass of mobile ad hoc networks (MANETs) in which the mobile nodes are vehicles; these vehicles are autonomous systems connected by wireless communication on a peer-to-peer basis. They are self-organized, self-configured and self-controlled infrastructure-less networks. This kind of network has the advantage of being able to be set-up and deployed anywhere and anytime because it has no infrastructure set-up and no central administration. Distributing information between these vehicles over long ranges in such networks, however, is a very challenging task, since sharing information always has a risk attached to it especially when the information is confidential. The disclosure of such information to anyone else other than the intended parties could be extremely damaging, particularly in military applications where controlling the dissemination of messages is essential. This thesis therefore provides a review of the issue of security in VANET and MANET; it also surveys existing solutions for dissemination control. It highlights a particular area not adequately addressed until now: controlling information flow in VANETs. This thesis contributes a policy-based framework to control the dissemination of messages communicated between nodes in order to ensure that message remains confidential not only during transmission, but also after it has been communicated to another peer, and to keep the message contents private to an originator-defined subset of nodes in the VANET. This thesis presents a novel framework to control data dissemination in vehicle ad hoc networks in which policies are attached to messages as they are sent between peers. This is done by automatically attaching policies along with messages to specify how the information can be used by the receiver, so as to prevent disclosure of the messages other than consistent with the requirements of the originator. These requirements are represented as a set of policy rules that explicitly instructs recipients how the information contained in messages can be disseminated to other nodes in order to avoid unintended disclosure. This thesis describes the data dissemination policy language used in this work; and further describes the policy rules in order to be a suitable and understandable language for the framework to ensure the confidentiality requirement of the originator. This thesis also contributes a policy conflict resolution that allows the originator to be asked for up-to-date policies and preferences. The framework was evaluated using the Network Simulator (NS-2) to provide and check whether the privacy and confidentiality of the originators’ messages were met. A policy-based agent protocol and a new packet structure were implemented in this work to manage and enforce the policies attached to packets at every node in the VANET. Some case studies are presented in this thesis to show how data dissemination can be controlled based on the policy of the originator. The results of these case studies show the feasibility of our research to control the data dissemination between nodes in VANETs. NS-2 is also used to test the performance of the proposed policy-based agent protocol and demonstrate its effectiveness using various network performance metrics (average delay and overhead)

A Simulation-based Methodology for the Assessment of Server-based Security Architectures for Mobile Ad Hoc Networks (MANETs)

This thesis was submitted for the award of Doctor of Philosophy and was awarded by Brunel University LondonA Mobile Ad hoc Network (MANET) is typically a set of wireless mobile nodes enabled to communicate dynamically in a multi-hop manner without any pre-existing network infrastructure. MANETs have several unique characteristics in contrast to other typical networks, such as dynamic topology, intermittent connectivity, limited resources, and lack of physical security. Securing MANETs is a critical issue as these are vulnerable to many different attacks and failures and have no clear line of defence. To develop effective security services in MANETs, it is important to consider an appropriate trust infrastructure which is tailored to a given MANET and associated application. However, most of the proposed trust infrastructures do not to take the MANET application context into account. This may result in overly secure MANETs that incur an increase in performance and communication overheads due to possible unnecessary security measures. Designing and evaluating trust infrastructures for MANETs is very challenging. This stems from several pivotal overlapping aspects such as MANET constraints, application settings and performance. Also, there is a lack of practical approaches for assessing security in MANETs that take into account most of these aspects. Based on this, this thesis provides a methodological approach which consists of well-structured stages that allows the exploration of possible security alternatives and evaluates these alternatives against dimensions to selecting the best option. These dimensions include the operational level, security strength, performance, MANET contexts along with main security components in a form of a multidimensional security conceptual framework. The methodology describes interdependencies among these dimensions, focusing specifically on the service operational level in the network. To explore these different possibilities, the Server-based Security Architectures for MANETs (SSAM) simulation model has been created in the OMNeT++ simulation language. The thesis describes the conceptualisation, implementation, verification and validation of SSAM, as well as experimentation approaches that use SSAM to support the methodology of this thesis. In addition, three different real cases scenarios (academic, emergency and military domains) are incorporated in this study to substantiate the feasibility of the proposed methodology. The outcome of this approach provides MANET developers with a strategy along with guidelines of how to consider the appropriate security infrastructure that satisfies the settings and requirements of given MANET context