13 research outputs found

    Daidalos Security Framework for Mobile Services

    Mobility is now the central focus of the lives of European citizens in business, education, and leisure. This will be enriched by pervasiveness in the future. The Daidalos vision is to seamlessly integrate heterogeneous network technologies that allow network operators and service providers to offer new and profitable services, giving users access to a wide range of pervasive, personalised voice, data, and multimedia services. This paper discusses the security issues that need to be addressed to make Daidalos a real viable solution for future pervasive mobility. Issues include among others privacy & identity management, secure protocols, distributed key management, security in ad hoc networks.

    A Charging and Rewarding Scheme for Packet Forwarding

    In multi-hop cellular networks, data packets have to be relayed hop by hop from a given mobile station to a base station and vice-versa. This means that the mobile stations must accept to forward information for the benefit of other stations. In this paper, we propose an incentive mechanism that is based on a charging/rewarding scheme and that makes collaboration rational for selfish nodes. We base our solution on symmetric cryptography to cope with the limited resources of the mobile stations. We provide a set of protocols and study their robustness with respect to various attacks. By leveraging on the relative stability of the routes, our solution leads to a very moderate overhead.

    Node Cooperation in Hybrid Ad hoc Networks

    A hybrid ad hoc network is a structure-based network that is extended using multi-hop communications. Indeed, in this kind of network, the existence of a communication link between the mobile station and the base station is not required: A mobile station that has no direct connection with a base station can use other mobile stations as relays. Compared with conventional (single-hop) structure-based networks, this new generation can lead to a better use of the available spectrum and to a reduction of infrastructure costs. However, these benefits would vanish if the mobile nodes did not properly cooperate and forward packets for other nodes. In this paper, we propose a charging and rewarding scheme to encourage the most fundamental operation, namely packet forwarding. We use "MAC layering" to reduce the space overhead in the packets and a stream cipher encryption mechanism to provide "implicit authentication" of the nodes involved in the communication. We analyze the robustness of our protocols against rational and malicious attacks. We show that - using our solution - collaboration is rational for selfish nodes. We also show that our protocols thwart rational attacks and detect malicious attacks.

    Cooperation in Multi-hop Cellular Networks

    Naouel Ben Salem, Levente Buttyan, Jean-Pierre Hubaux and Markus Jakobsson. Abstract: In multi-hop cellular networks, the existence of a communication link between the mobile station and the base station is not required: a mobile station that has no direct connection with a base station can use other mobile stations as relays. Compared with conventional (single-hop) cellular networks, this new generation can lead to a better usage of the available spectrum and to a reduction of infrastructure costs. However, these benefits would vanish if the mobile nodes did not properly cooperate and forward packets for other nodes. In this paper, we propose a charging and rewarding scheme to encourage the most fundamental operation, namely packet forwarding. We analyse the robustness of our protocols against rational and malicious attacks. We show that our protocols thwart rational attacks and detect malicious attacks. We also show that our solution makes collaboration rational for selfish nodes.

    Avaliação de desempenho e mobilidade em redes auto-organizadas [Performance and mobility evaluation in self-organised networks]

    Master's degree in Computer and Telematics Engineering. Mobile ad hoc (or self-organised) networks are a subject that has gained much attention from the scientific community in recent years. The problems associated with this type of network have been widely studied and exposed, solutions have been proposed, and some have even become industry standards. However, the vast majority of the work carried out is dedicated to solving only one problem at a time. Likewise, the solutions that are tested to verify their validity are, most of the time, tested by means of simulation. Part of the work presented in this master's dissertation brings together a set of protocols developed for ad hoc networks, which provide functionalities such as auto-configuration, unicast and multicast routing, quality of service, and charging with incentives, in a single integrated solution that interconnects ad hoc networks with infrastructure networks, functioning as an extension of them. The demonstrator created is evaluated experimentally, and the results obtained are presented and discussed. Since the ad hoc network is interconnected with the infrastructure network in a fourth-generation environment, an architecture is also presented that supports the mobility of nodes between ad hoc networks and the infrastructure networks that form part of the heterogeneous environment, and from the latter to the ad hoc networks. The overall network into which the ad hoc network is integrated supports new technologies and trends in mobility management, such as the IEEE 802.21 Media Independent Handover protocol, under development, and mobility management based on Local Mobility Domains. The way in which the ad hoc network integrates with the technologies present in the infrastructure network, and how the specifics of the ad hoc network are hidden, is described and explained. ABSTRACT: Mobile Ad hoc network is a subject that has gained lots of attention from the research community in recent years. 
The problems inherent to these types of networks have been studied and exposed, solutions have been created and even standardized. However, the vast majority of the work performed is dedicated to only one problem at a time. In addition, the tests performed to validate the produced solutions are, most of the time, obtained through simulation work. The work presented in this thesis gathers together a set of ad hoc protocols, providing functionalities such as auto-configuration, unicast and multicast routing, quality of service and charging and rewarding in one integrated testbed, serving as a stub network in a hotspot scenario. An experimental evaluation is performed, and results are presented and discussed. Additionally, since the network belongs to a hotspot of fourth generation, an architecture that supports mobility of nodes between the ad hoc network and infrastructure networks is presented. The general network that includes the ad hoc network integrates and supports the new technologies and tendencies in mobility management, such as the IEEE 802.21 Media Independent Handover and mobility management based on Local Mobility Domains. The way the MANET fully integrates with the infrastructure network, and how the ad hoc network's specific characteristics are hidden, is also presented and explained.

    PIS: A Practical Incentive System for Multihop Wireless Networks


    Soluções de broadcast para redes 4G [Broadcast solutions for 4G networks]

    Master's degree in Electronics and Telecommunications Engineering. The first broadcasting of video and audio content had a strong impact on the daily life of the population, which witnessed a revolution in the models for transmitting information and entertainment. The evolution since then has been significant and, now in the digital era, we face a new upheaval in the methodology and concept underlying the transmission of multimedia content. Today's world, however, presents different requirements, among which the demand for high definition and mobility stands out. Mobility has been a particular focus of attention for operators, who are now exploring models to deliver a wide range of services that are attractive to users. This dissertation presents a summary of the emerging broadcast technologies that stand out in various parts of the world, with their particular geographical incidence, characteristics and application scenarios. A 4G architecture is also presented, addressing issues inherent to mobility and quality of service, with particular emphasis on aspects related to the integration of a particular broadcast technology. To evaluate the proposed architecture, studies were carried out based on broadcast equipment in its commercial version, thereby yielding an analysis that illustrates what operators can expect from the current state of the devices. The results made it possible to draw conclusions about the behaviour of equipment regarded as a final product to be made available to operators, when integrated into a 4G environment with mobility and QoS support. In particular, its applicability is discussed, taking into account the drawbacks introduced by the characteristics inherent to the technology itself. Broadcast of video and audio through analogical television completely changed the paradigm of information and entertainment divulgation. 
Today, in the “digital era”, the Analogue Switch Off revolution is being held. Manufacturers and operators already show concerns regarding the support of mobility, quality of experience and of service. Delivering competitive High Definition contents and providing solutions for the average “on-the-move” user are two of the most important issues to be dealt with by the service providers, which are also within the analysis scope of this work. This dissertation presents an overview on the most relevant broadcast technologies which are assumed to be of relative acceptance in their respective target market. It presents their main characteristics and applicability. 4G architectural concepts are also analyzed, closely dealing with mobility and quality of service provisioning, with particular focus on the seamless integration of broadcast technologies. As a means to evaluate the feasibility of integrating broadcast technologies with 4G architectures, a performance evaluation study was performed using commercial equipment. In this way, a set of several considerations was constructed illustrating the features and functionalities which operators can expect or disregard from professional commercial broadcasting devices. Results allow the drawing of conclusions concerning the integration of a final broadcasting solution when incorporated within a 4G environment with QoS and mobility support. Its applicability is evaluated having in mind the performance drawbacks introduced by the specific technology, and generalized towards the gathering of more general conclusions which consider the main characteristics of the commercial broadcasting devices.

    Efficient Packet-Drop Thwarting and User-Privacy Preserving Protocols for Multi-hop Wireless Networks

    In a multi-hop wireless network (MWN), the mobile nodes relay others’ packets for enabling new applications and enhancing the network deployment and performance. However, the selfish nodes drop the packets because packet relay consumes their resources without benefits, and the malicious nodes drop the packets to launch Denial-of-Service attacks. Packet drop attacks adversely degrade the network fairness and performance in terms of throughput, delay, and packet delivery ratio. Moreover, due to the nature of wireless transmission and multi-hop packet relay, the attackers can analyze the network traffic in an undetectable way to learn the users’ locations in number of hops and their communication activities causing a serious threat to the users’ privacy. In this thesis, we propose efficient security protocols for thwarting packet drop attacks and preserving users’ privacy in multi-hop wireless networks. First, we design a fair and efficient cooperation incentive protocol to stimulate the selfish nodes to relay others’ packets. The source and the destination nodes pay credits (or micropayment) to the intermediate nodes for relaying their packets. In addition to cooperation stimulation, the incentive protocol enforces fairness by rewarding credits to compensate the nodes for the consumed resources in relaying others’ packets. The protocol also discourages launching Resource-Exhaustion attacks by sending bogus packets to exhaust the intermediate nodes’ resources because the nodes pay for relaying their packets. For fair charging policy, both the source and the destination nodes are charged when the two nodes benefit from the communication. Since micropayment protocols have been originally proposed for web-based applications, we propose a practical payment model specifically designed for MWNs to consider the significant differences between web-based applications and cooperation stimulation. 
Although the non-repudiation property of the public-key cryptography is essential for securing the incentive protocol, the public-key cryptography requires too complicated computations and has a long signature tag. For efficient implementation, we use the public-key cryptography only for the first packet in a series and use the efficient hashing operations for the next packets, so that the overhead of the packet series converges to that of the hashing operations. Since a trusted party is not involved in the communication sessions, the nodes usually submit undeniable digital receipts (proofs of packet relay) to a centralized trusted party for updating their credit accounts. Instead of submitting large-size payment receipts, the nodes submit brief reports containing the alleged charges and rewards and store undeniable security evidences. The payment of the fair reports can be cleared with almost no processing overhead. For the cheating reports, the evidences are requested to identify and evict the cheating nodes. Since the cheating actions are exceptional, the proposed protocol can significantly reduce the required bandwidth and energy for submitting the payment data and clear the payment with almost no processing overhead while achieving the same security strength as the receipt-based protocols. Second, the payment reports are processed to extract financial information to reward the cooperative nodes, and contextual information such as the broken links to build up a trust system to measure the nodes’ packet-relay success ratios in terms of trust values. A node’s trust value is degraded whenever it does not relay a packet and improved whenever it does. A node is identified as malicious and excluded from the network once its trust value reaches a threshold. 
Using a trust system is necessary to keep track of the nodes’ long-term behaviors because the network packets may be dropped normally, e.g., due to mobility, or temporarily, e.g., due to network congestion, but the high frequency of packet drop is an obvious misbehavior. Then, we propose a trust-based and energy-aware routing protocol to route traffic through the highly trusted nodes having sufficient residual energy in order to establish stable routes and thus minimize the probability of route breakage. A node’s trust value is a real and live measurement to the node’s failure probability and mobility level, i.e., the low-mobility nodes having large hardware resources can perform packet relay more efficiently. In this way, the proposed protocol stimulates the nodes not only to cooperate but also to improve their packet-relay success ratio and tell the truth about their residual energy to improve their trust values and thus raise their chances to participate in future routes. Finally, we propose a privacy-preserving routing and incentive protocol for hybrid ad hoc wireless networks. Micropayment is used to stimulate the nodes’ cooperation without submitting payment receipts. We only use the lightweight hashing and symmetric-key-cryptography operations to preserve the users’ privacy. The nodes’ pseudonyms are efficiently computed using hashing operations. Only trusted parties can link these pseudonyms to the real identities for charging and rewarding operations. Moreover, our protocol protects the location privacy of the anonymous source and destination nodes. Extensive analysis and simulations demonstrate that our protocols can secure the payment and trust calculation, preserve the users’ privacy with acceptable overhead, and precisely identify the malicious and the cheating nodes. 
Moreover, the simulation and measurement results demonstrate that our routing protocols can significantly improve route stability and thus the packet delivery ratio due to stimulating the selfish nodes’ cooperation, evicting the malicious nodes, and making informed decisions regarding route selection. In addition, the processing and submitting overheads of the payment-reports are incomparable with those of the receipts in the receipt-based incentive protocols. Our protocol also requires incomparable overhead to the signature-based protocols because the lightweight hashing operations dominate the nodes’ operations.

    Secure Incentives to Cooperate for Wireless Networks

    The operating principle of certain wireless networks makes essential the cooperation between the mobile nodes. However, if each node is an autonomous selfish entity, cooperation is not guaranteed and therefore we need to use incentive techniques. In this thesis, we study cooperation in three different types of networks: WiFi networks, Wireless Mesh Networks (WMNs), and Hybrid Ad-hoc networks. Cooperation has a different goal for each of these networks, we thus propose incentive mechanisms adapted to each case. In the first chapter of this thesis, we consider WiFi networks whose wide-scale adoption is impeded by two major hurdles: the lack of a seamless roaming scheme and the variable QoS experienced by the users. We devise a reputation-based solution that (i) allows a mobile node to connect to a foreign Wireless ISP in a secure way while preserving his anonymity and (ii) encourages the WISPs to cooperate, i.e., to provide the mobile clients with a good QoS. Cooperation appears here twofold: First, the mobile clients have to collaborate in order to build and maintain the reputation system and second, the use of this reputation system encourages the WISPs to cooperate. We show, by means of simulations, that our reputation model indeed encourages the WISPs to behave correctly and we analyze the robustness of our solution against various attacks. In the second chapter of the thesis, we consider Wireless Mesh Networks (WMNs), a new and promising paradigm that uses multi-hop communications to extend WiFi networks. Indeed, by connecting only one hot spot to the Internet and by deploying several Transit Access Points (TAPs), a WISP can extend its coverage and serve a large number of clients at a very low cost. We analyze the characteristics of WMNs and deduce three fundamental network operations that need to be secured: (i) the routing protocol, (ii) the detection of corrupt TAPs and (iii) the enforcement of a proper fairness metric in WMNs. 
We focus on the fairness problem and propose FAME, an adaptive max-min fair resource allocation mechanism for WMNs. FAME provides a fair, collision-free capacity use of the WMN and automatically adjusts to the traffic demand fluctuations of the mobile clients. We develop the foundations of the mechanism and demonstrate its efficiency by means of simulations. We also experimentally assess the utility of our solution when TAPs are equipped with directional antennas and distinct sending and receiving interfaces in the Magnets testbed deployed in Berlin. In the third and last chapter of this thesis, we consider Hybrid Ad-hoc networks, i.e., infrastructured networks that are extended using multi-hop communications. We propose a secure set of protocols to encourage the most fundamental operation in these networks, namely packet forwarding. This solution is based on a charging and rewarding system. We use "MAC layering" to reduce the space overhead in the packets and a stream cipher encryption mechanism to provide "implicit authentication" of the nodes involved in the communication. We analyze the robustness of our protocols against rational and malicious attacks. We show that the use of our solution makes cooperation rational for selfish nodes. We also show that our protocols thwart rational attacks and detect malicious attacks.