Experimental evaluation of the usage of ad hoc networks as stubs for multiservice networks

This paper describes an experimental evaluation of a multiservice ad hoc network, aimed to be interconnected with an infrastructure, operator-managed network. This network supports the efficient delivery of services, unicast and multicast, legacy and multimedia, to users connected in the ad hoc network. It contains the following functionalities: routing and delivery of unicast and multicast services; distributed QoS mechanisms to support service differentiation and resource control responsive to node mobility; security, charging, and rewarding mechanisms to ensure the correct behaviour of the users in the ad hoc network. This paper experimentally evaluates the performance of multiple mechanisms, and the influence and performance penalty introduced in the network, with the incremental inclusion of new functionalities. The performance results obtained in the different real scenarios may question the real usage of ad-hoc networks for more than a minimal number of hops with such a large number of functionalities deployed

Security Issues in Mobile Ad Hoc Networks

Ad hoc networks are built on the basis of a communication without infrastructure and major investigations have focused on the routing and autoconfiguration problems. However, there is a little progress in solving the secure autoconfiguration problems in mobile ad hoc networks (MANETs), which has led to the proliferation of threats given the vulnerabilities of MANETs. It is clear that ad hoc networks have no centralized mechanism for defense against threats, such as a firewall, an intrusion detection system, or a proxy. Therefore, it is necessary that the defense of interests of each of the ad hoc components is the responsibility of each member node. This paper shows the most common threats to ad hoc networks and reviews several proposals that attempt to minimize some of these threats, showing their protection ability and vulnerabilities in light of the threats that might aris

Integrated Architecture for Configuration and Service Management in MANET Environments

Esta tesis nos ha permitido trasladar algunos conceptos teóricos de la computación ubicua a escenarios reales, identificando las necesidades específicas de diferentes tipos de aplicaciones. Con el fin de alcanzar este objetivo, proponemos dos prototipos que proporcionan servicios sensibles al contexto en diferentes entornos, tales como conferencias o salas de recuperación en hospitales. Estos prototipos experimentales explotan la tecnología Bluetooth para ofrecer información basada en las preferencias del usuario. En ambos casos, hemos llevado a cabo algunos experimentos con el fin de evaluar el comportamiento de los sistemas y su rendimento. También abordamos en esta tesis el problema de la autoconfiguración de redes MANET basadas en el estándar 802.11 a través de dos soluciones novedosas. La primera es una solución centralizada que se basa en la tecnología Bluetooth, mientras la segunda es una solución distribuida que no necesita recurrir a ninguna tecnología adicional, ya que se basa en el uso del parámetro SSID. Ambos métodos se han diseñado para permitir que usuarios no expertos puedan unirse a una red MANET de forma transparente, proporcionando una configuración automática, rápida, y fiable de los terminales. Los resultados experimentales en implementaciones reales nos han permitido evaluar el rendimiento de las soluciones propuestas y demostrar que las estaciones cercanas se pueden configurar en pocos segundos. Además, hemos comparado ambas soluciones entre sí para poner de manifiesto las diferentes ventajas y desventajas en cuanto a rendimento. La principal contribución de esta tesis es EasyMANET, una plataforma ampliable y configurable cuyo objetivo es automatizar lo máximo posible las tareas que afectan a la configuración y puesta en marcha de redes MANET, de modo que su uso sea más simple y accesible.Cano Reyes, J. (2012). Integrated Architecture for Configuration and Service Management in MANET Environments [Tesis doctoral no publicada]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/14675Palanci

Secure bootstrapping and routing in an IPv6-based ad hoc network

The mobile ad hoc network (MANET), which is characterized by an infrastructureless architecture and multi-hop communication, has attracted a lot of attention recently. In the evolution of IP networks to version 6, adopting the same protocol would guarantee the success and portability of MANETs. In this paper, we propose a secure bootstrapping and routing protocol for MANETs. Mobile hosts can autoconfigure and even change their IP addresses based on the concept of CGA (cryptographically generated address), but they can not hide their identities easily. The protocol is modified from DSR (dynamic source routing) to support secure routing. The neighbor discovery and domain name registration in IPv6 are incorporated and enhanced with security functions. The protocol is characterized by the following features: (i) it is designed based on IPv6, (ii) relying on a DNS server, it allows bootstrapping a MANET with little pre-configuration overhead, so network formation is light-weight, and (iii) it is able to resist a variety of security attacks

Light Weight Cryptographic Address Generation Using System State Entropy Gathering for IPv6 Based MANETs

In IPv6 based MANETs, the neighbor discovery enables nodes to self-configure and communicate with neighbor nodes through autoconfiguration. The Stateless address autoconfiguration (SLAAC) has proven to face several security issues. Even though the Secure Neighbor Discovery (SeND) uses Cryptographically Generated Addresses (CGA) to address these issues, it creates other concerns such as need for CA to authenticate hosts, exposure to CPU exhaustion attacks and high computational intensity. These issues are major concern for MANETs as it possesses limited bandwidth and processing power. The paper proposes empirically strong Light Weight Cryptographic Address Generation (LW-CGA) using entropy gathered from system states. Even the system users cannot monitor these system states; hence LW-CGA provides high security with minimal computational complexity and proves to be more suitable for MANETs. The LW-CGA and SeND are implemented and tested to study the performances. The evaluation shows that LW-CGA with good runtime throughput takes minimal address generation latency.Comment: 13 Page

Dinamička distribucija sigurnosnih ključeva i koalicijski protokol IP adresa za mobilne ad hoc mreže

In mobile adhoc networks (MANETs) a tree-based dynamic address auto-configuration protocol (T-DAAP) is one of the best protocols designed for address assignment as far as the network throughput and packet delays are concerned. Moreover, MANET security is an important factor for many applications given that any node can listen to the channel and overhear the packets being transmitted. In this paper, we merge the address assignment with the security key delivery into one protocol, such that a node in the MANET is configured with IP address and security key simultaneously. To the best of our knowledge, no single protocol provides concurrent assignment of IP addresses and security keys for MANET nodes. The proposed method, which is based on T-DAAP, shows significant enhancements in the required control packets needed for assigning network nodes IP addresses and security keys, MAC layer packets, total end-to-end delay, and channel throughput over those obtained when using separate protocols. Additionally, it provides not only efficient security keys to the nodes from the first moment they join the network, but also secure delivery of the address and security key to all participating nodes. It is noteworthy to mention that providing a complete security model for MANET to detect and countermeasure network security threats and attacks is beyond the scope of our proposed protocol.Kod mobilnih ad hoc mreža (MANET) dinamički protokol za autokonfiguraciju adresa baziran na stablu (T-DAAP) je jedan od najboljih protokola dizajniranih za dodjelu adresa iz perspektive propusnosti mreže i i kašnjenja paketa. štoviše, sigurnost MANET-a je važan faktor za mnoge aplikacije s obzirom da bilo koji čvor može osluškivati kanal i slučajno čuti pakete koji se šalju. U ovom radu, dodjela adresa i dostava sigurnosnih ključeva spojeni su u jedan protokol tako da je čvor u MANET-u konfiguriran simultano s IP adresom i sigurnosnim ključem. Prema saznanjima autora, niti jedan postojeći protokol ne pruža istovremeno dodjeljivanje IP adrese i sigurnosnog ključa za MANET čvorove. Predložena metoda, koja se bazira na T-DAAP-u, pokazuje značajna poboljšanja u odnosu na metode koje koriste odvojene porotokole, kod traženih kontrolnih paketa koji su potrebni za dodjeljivanje IP adresa i sigurnosnih ključeva čvorovima mreže, MAC paketa, ukupnog end-to-end kašnjenja i propusnosti kanala. Dodatno pruža ne samo efikasne sigurnosne ključeve čvorovima od trenutka kad se priključe mreži, nego i sigurno dostavljanje adrese i sigurnosnog ključa svim čvorovima koji sudjeluju u mreži. Važno je spomenuti da je pružanje cjelokupnog sigurnosnog modela za MANET koji detektira dodatno i protumjere prijetnjama i napadima na sigurnost mreže izvan dosega predloženog protokola