47 research outputs found
Secure Routing in Wireless Mesh Networks
Wireless mesh networks (WMNs) have emerged as a promising concept to meet the
challenges in next-generation networks such as providing flexible, adaptive,
and reconfigurable architecture while offering cost-effective solutions to the
service providers. Unlike traditional Wi-Fi networks, with each access point
(AP) connected to the wired network, in WMNs only a subset of the APs are
required to be connected to the wired network. The APs that are connected to
the wired network are called the Internet gateways (IGWs), while the APs that
do not have wired connections are called the mesh routers (MRs). The MRs are
connected to the IGWs using multi-hop communication. The IGWs provide access to
conventional clients and interconnect ad hoc, sensor, cellular, and other
networks to the Internet. However, most of the existing routing protocols for
WMNs are extensions of protocols originally designed for mobile ad hoc networks
(MANETs) and thus they perform sub-optimally. Moreover, most routing protocols
for WMNs are designed without security issues in mind, where the nodes are all
assumed to be honest. In practical deployment scenarios, this assumption does
not hold. This chapter provides a comprehensive overview of security issues in
WMNs and then particularly focuses on secure routing in these networks. First,
it identifies security vulnerabilities in the medium access control (MAC) and
the network layers. Various possibilities of compromising data confidentiality,
data integrity, replay attacks and offline cryptanalysis are also discussed.
Then various types of attacks in the MAC and the network layers are discussed.
After enumerating the various types of attacks on the MAC and the network
layer, the chapter briefly discusses on some of the preventive mechanisms for
these attacks.Comment: 44 pages, 17 figures, 5 table
Security and Privacy Issues in Wireless Mesh Networks: A Survey
This book chapter identifies various security threats in wireless mesh
network (WMN). Keeping in mind the critical requirement of security and user
privacy in WMNs, this chapter provides a comprehensive overview of various
possible attacks on different layers of the communication protocol stack for
WMNs and their corresponding defense mechanisms. First, it identifies the
security vulnerabilities in the physical, link, network, transport, application
layers. Furthermore, various possible attacks on the key management protocols,
user authentication and access control protocols, and user privacy preservation
protocols are presented. After enumerating various possible attacks, the
chapter provides a detailed discussion on various existing security mechanisms
and protocols to defend against and wherever possible prevent the possible
attacks. Comparative analyses are also presented on the security schemes with
regards to the cryptographic schemes used, key management strategies deployed,
use of any trusted third party, computation and communication overhead involved
etc. The chapter then presents a brief discussion on various trust management
approaches for WMNs since trust and reputation-based schemes are increasingly
becoming popular for enforcing security in wireless networks. A number of open
problems in security and privacy issues for WMNs are subsequently discussed
before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the
author's previous submission in arXiv submission: arXiv:1102.1226. There are
some text overlaps with the previous submissio
Round-Based Consensus Algorithms, Predicate Implementations and Quantitative Analysis
Fault-tolerant computing is the art and science of building computer systems that continue to operate normally in the presence of faults. The fault tolerance field covers a wide spectrum of research area ranging from computer hardware to computer software. A common approach to obtain a fault-tolerant system is using software replication. However, maintaining the state of the replicas consistent is not an easy task, even though the understanding of the problems related to replication has significantly evolved over the past thirty years. Consensus is a fundamental building block to provide consistency in any fault-tolerant distributed system. A large number of algorithms have been proposed to solve the consensus problem in different systems. The efficiency of several consensus algorithms has been studied theoretically and practically. A common metric to evaluate the performance of consensus algorithms is the number of communication steps or the number of rounds (in round-based algorithms) for deciding. A large amount of improvements to consensus algorithms have been proposed to reduce this number under different assumptions, e.g., nice runs. However, the efficiency expressed in terms of number of rounds does not predict the time it takes to decide (including the time needed by the system to stabilize or not). Following this idea, the thesis investigates the round model abstraction to represent consensus algorithms, with benign and Byzantine faults, in a concise and modular way. The goal of the thesis is first to decouple the consensus algorithm from irrelevant details of implementations, such as synchronization, then study different possible implementations for a given consensus algorithm, and finally propose a more general analytical analysis for different consensus algorithms. The first part of the thesis considers the round-based consensus algorithms with benign faults. In this context, the round model allowed us to separate the consensus algorithms from the round implementation, to propose different round implementations, to improve existing round implementations by making them swift, and to provide quantitative analysis of different algorithms. The second part of the thesis considers the round-based consensus algorithms with Byzantine faults. In this context, there is a gap between theoretical consensus algorithms and practical Byzantine fault-tolerant protocols. The round model allowed us to fill the gap by better understanding existing protocols, and enabled us to express existing protocols in a simple and modular way, to obtain simplified proofs, to discover new protocols such as decentralized (non leader-based) algorithms, and finally to perform precise timing analysis to compare different algorithms. The last part of the thesis shows, as an example, how a round-based consensus algorithm that tolerates benign faults can be extended to wireless mobile ad hoc networks using an adequate communication layer. We have validated our implementation by running simulations in single hop and multi-hop wireless networks
Security aspects of OSPF as a MANET routing protocol
OSPF, Open Shortest Path First, is an Intra-gateway routing protocol
first developed as an IETF effort. It is widely adopted in large
enterprise-scale networks, being well regarded for its fast
convergence and loop-free routing. It is versatile in terms of which
interface types it supports, such as point-to-point links or broadcast networks.
It also offers scalability through hierarchical routing and by using
centralization to reduce the amount of overhead on networks which have
broadcast or broadcast-similar properties. An interface type missing
from the standard so far is that of a wireless network, characterized
by non-guaranteed bidirectional links combined with unreliable
broadcasting, and existing interface types generally perform poorly
under these networks. The IETF has therefore instituted a Working Group to
standardize such an interface type extension to the latest version,
OSPF version 3. This interface type will permit mobility and
multi-hop characteristics in addition to those of wireless links in
general. Such networks are usually referred to as Mobile
Ad-hoc Networks (MANET). MANET routing protocols are subject to more
severe security issues than ordinary, wireline-oriented protocols
are. This thesis aims to indentify key security aspects of OSPF as a
MANET routing protocol
Mobile Ad-Hoc Networks
Being infrastructure-less and without central administration control, wireless ad-hoc networking is playing a more and more important role in extending the coverage of traditional wireless infrastructure (cellular networks, wireless LAN, etc). This book includes state-of-the-art techniques and solutions for wireless ad-hoc networks. It focuses on the following topics in ad-hoc networks: quality-of-service and video communication, routing protocol and cross-layer design. A few interesting problems about security and delay-tolerant networks are also discussed. This book is targeted to provide network engineers and researchers with design guidelines for large scale wireless ad hoc networks
Encaminhamento confiável e energeticamente eficiente para redes ad hoc
Doutoramento em InformáticaIn Mobile Ad hoc NETworks (MANETs), where cooperative behaviour is
mandatory, there is a high probability for some nodes to become overloaded
with packet forwarding operations in order to support neighbor data exchange.
This altruistic behaviour leads to an unbalanced load in the network in terms of
traffic and energy consumption. In such scenarios, mobile nodes can benefit
from the use of energy efficient and traffic fitting routing protocol that better
suits the limited battery capacity and throughput limitation of the network. This
PhD work focuses on proposing energy efficient and load balanced routing
protocols for ad hoc networks. Where most of the existing routing protocols
simply consider the path length metric when choosing the best route between a
source and a destination node, in our proposed mechanism, nodes are able to
find several routes for each pair of source and destination nodes and select the
best route according to energy and traffic parameters, effectively extending the
lifespan of the network. Our results show that by applying this novel
mechanism, current flat ad hoc routing protocols can achieve higher energy
efficiency and load balancing. Also, due to the broadcast nature of the wireless
channels in ad hoc networks, other technique such as Network Coding (NC)
looks promising for energy efficiency. NC can reduce the number of
transmissions, number of re-transmissions, and increase the data transfer rate
that directly translates to energy efficiency. However, due to the need to access
foreign nodes for coding and forwarding packets, NC needs a mitigation
technique against unauthorized accesses and packet corruption. Therefore, we
proposed different mechanisms for handling these security attacks by, in
particular by serially concatenating codes to support reliability in ad hoc
network. As a solution to this problem, we explored a new security framework
that proposes an additional degree of protection against eavesdropping
attackers based on using concatenated encoding. Therefore, malicious
intermediate nodes will find it computationally intractable to decode the
transitive packets. We also adopted another code that uses Luby Transform
(LT) as a pre-coding code for NC. Primarily being designed for security
applications, this code enables the sink nodes to recover corrupted packets
even in the presence of byzantine attacks.Nas redes móveis ad hoc (MANETs), onde o comportamento cooperativo é
obrigatório, existe uma elevada probabilidade de alguns nós ficarem
sobrecarregados nas operações de encaminhamento de pacotes no apoio Ã
troca de dados com nós vizinhos. Este comportamento altruÃsta leva a uma
sobrecarga desequilibrada em termos de tráfego e de consumo de energia.
Nestes cenários, os nós móveis poderão beneficiar do uso da eficiência
energética e de protocolo de encaminhamento de tráfego que melhor se
adapte à sua capacidade limitada da bateria e velocidade de processamento.
Este trabalho de doutoramento centra-se em propor um uso eficiente da
energia e protocolos de encaminhamento para balanceamento de carga nas
redes ad hoc. Actualmente a maioria dos protocolos de encaminhamento
existentes considera simplesmente a métrica da extensão do caminho, ou seja
o número de nós, para a escolha da melhor rota entre fonte (S) e um nó de
destino (D); no mecanismo aqui proposto os nós são capazes de encontrar
várias rotas por cada par de nós de origem e destino e seleccionar o melhor
caminho segundo a energia e parâmetros de tráfego, aumentando o tempo de
vida útil da rede. Os nossos resultados mostram que pela aplicação deste novo
mecanismo, os protocolos de encaminhamento ad hoc actuais podem alcançar
uma maior eficiência energética e balanceamento de carga.
Para além disso, devido à natureza de difusão dos canais sem fio em redes
ad-hoc, outras técnicas, tais como a Codificação de Rede (NC), parecem ser
também promissoras para a eficiência energética. NC pode reduzir o número
de transmissões, e número de retransmissões e aumentar a taxa de
transferência de dados traduzindo-se directamente na melhoria da eficiência
energética. No entanto, devido ao acesso dos nós intermediários aos pacotes
em trânsito e sua codificação, NC necessita de uma técnica que limite as
acessos não autorizados e a corrupção dos pacotes. Explorou-se o
mecanismo de forma a oferecer um novo método de segurança que propõe um
grau adicional de protecção contra ataques e invasões. Por conseguinte, os
nós intermediários mal-intencionados irão encontrar pacotes em trânsito
computacionalmente intratáveis em termos de descodificação. Adoptou-se
também outro código que usa Luby Transform (LT) como um código de précodificação
no NC. Projectado inicialmente para aplicações de segurança, este
código permite que os nós de destino recuperem pacotes corrompidos mesmo
em presença de ataques bizantinos
Security protocols for mobile ad hoc networks
Mobile ad hoc networks (MANETs) are generating much interest both in academia and the telecommunication industries. The principal attractions of MANETs are related to the ease with which they can be deployed due to their infrastructure-less and decentralized nature. For example, unlike other wireless networks, MANETs do not require centralized infrastructures such as base stations, and they are arguably more robust due to their avoidance of single point of failures. Interestingly, the attributes that make MANETs attractive as a network paradigm are the same phenomena that compound the challenge of designing adequate security schemes for these innovative networks.One of the challenging security problems is the issue of certificate revocation in MANETs where there are no on-line access to trusted authorities. In wired network environments, when certificates are to be revoked, certificate authorities (CAs) add the information regarding the certificates in question to certificate revocation lists (CRLs) and post the CRLs on accessible repositories or distribute them to relevant entities. In purely ad hoc networks, there are typically no access to centralized repositories or trusted authorities; therefore the conventional method of certificate revocation is not applicable.Another challenging MANET security problem is the issue of secure routing in the presence of selfish or adversarial entities which selectively drop packets they agreed to forward; and in so doing these selfish or adversarial entities can disrupt the network traffic and cause various communication problems.In this thesis, we present two security protocols we developed for addressing the above-mentioned MANET security needs. The first protocol is a decentralized certificate revocation scheme which allows the nodes within a MANET to have full control over the process of certificate revocation. The scheme is fully contained and it does not rely on any input from centralized or external entities such as trusted CAs. The second protocol is a secure MANET routing scheme we named Robust Source Routing (RSR). In addition to providing data origin authentication services and integrity checks, RSR is able to mitigate against intelligent, colluding malicious agents which selectively drop or modify packets they are required to forward