189 research outputs found
A Taxonomy on Misbehaving Nodes in Delay Tolerant Networks
Delay Tolerant Networks (DTNs) are a type of Intermittently Connected Networks (ICNs) featured by long delay, intermittent connectivity, asymmetric data rates and high error rates. DTNs have been primarily developed for InterPlanetary Networks (IPNs), but have shown promising potential in challenged networks, i.e. DakNet, ZebraNet, KioskNet and WiderNet. Due to the unique nature of intermittent connectivity and long delay, DTNs face challenges in routing, key management, privacy, fragmentation and misbehaving nodes. Here, misbehaving nodes, i.e. malicious and selfish nodes, launch various attacks including flood, packet drop and fake packet attacks, and inevitably overuse scarce resources (e.g., buffer and bandwidth) in DTNs. The focus of this survey is on a review of misbehaving node attacks and detection algorithms. We first classify various attacks depending on the type of misbehaving nodes. Then, detection algorithms for these misbehaving nodes are categorized depending on preventive and detective based features. The panoramic view on misbehaving nodes and detection algorithms is further analyzed and evaluated mathematically through a number of performance metrics. Future directions guiding this topic are also presented.
A Review on Security Attacks in Vehicular Ad hoc Network
Whenever communication takes place between two or more vehicles, there is a need for protection. The attacker can gain access to the network by compromising either the vehicle or road side unit or the communication medium that transfers the messages between vehicles. Vehicular Ad hoc Networks (VANETs) have motivated the interest towards passenger comfort and a secure driving environment. However, the open-wide communication becomes a tedious challenge for VANET organization. Because of the wireless self-structured background, VANETs are prone to many attackers. In this paper, we are focusing on security issues like DoS, Sybil, DDoS, jamming and flooding attacks as well as techniques like TESLA which causes harm to VANET and also security countermeasures like digital signature which are used to prevent the mentioned security issues that alleviate VANET.
Mobile Ad-Hoc Networks
Being infrastructure-less and without central administration control, wireless ad-hoc networking is playing a more and more important role in extending the coverage of traditional wireless infrastructure (cellular networks, wireless LAN, etc). This book includes state-of-the-art techniques and solutions for wireless ad-hoc networks. It focuses on the following topics in ad-hoc networks: quality-of-service and video communication, routing protocol and cross-layer design. A few interesting problems about security and delay-tolerant networks are also discussed. This book is targeted to provide network engineers and researchers with design guidelines for large scale wireless ad hoc networks.
A countermeasure approach for brute-force timing attacks on cache privacy in named data networking architectures
One key feature of named data networks (NDN) is supporting in-network caching to increase the content distribution for today’s Internet needs. However, previously cached contents may be threatened by side-channel timing measurements/attacks. For example, one adversary can identify previously cached contents by distinguishing between uncached and cached contents from the in-network caching node, namely the edge NDN router. The attacks can be mitigated by the previously proposed methods effectively. However, these countermeasures may be against the NDN paradigm, affecting the content distribution performance. This work studied the side-channel timing attack on streaming over NDN applications and proposed a capable approach to mitigate it. Firstly, a recent side-channel timing attack, designated by brute-force, was implemented on ndnSIM using the AT&T network topology. Then, a multi-level countermeasure method, designated by detection and defense (DaD), is proposed to mitigate this attack. Simulation results showed that DaD distinguishes between legitimate and adversary nodes. During the attack, the proposed DaD multi-level approach achieved the minimum cache hit ratio (≈0.7%) compared to traditional countermeasures (≈4.1% in probabilistic and ≈3.7% in freshness) without compromising legitimate requests. This work has been supported by FCT - Fundação para a Ciência e Tecnologia within the R&D Units Project Scope: UIDB/00319/2020.
Information fusion architectures for security and resource management in cyber physical systems
Data acquisition through sensors is very crucial in determining the operability of the observed physical entity. Cyber Physical Systems (CPSs) are an example of distributed systems where sensors embedded into the physical system are used in sensing and data acquisition. CPSs are a collaboration between the physical and the computational cyber components. The control decisions sent back to the actuators on the physical components from the computational cyber components closes the feedback loop of the CPS. Since, this feedback is solely based on the data collected through the embedded sensors, information acquisition from the data plays an extremely vital role in determining the operational stability of the CPS. Data collection process may be hindered by disturbances such as system faults, noise and security attacks. Hence, simple data acquisition techniques will not suffice as accurate system representation cannot be obtained. Therefore, more powerful methods of inferring information from collected data such as Information Fusion have to be used.
Information fusion is analogous to the cognitive process used by humans to integrate data continuously from their senses to make inferences about their environment. Data from the sensors is combined using techniques drawn from several disciplines such as Adaptive Filtering, Machine Learning and Pattern Recognition. Decisions made from such combination of data form the crux of information fusion and differentiates it from a flat structured data aggregation. In this dissertation, multi-layered information fusion models are used to develop automated decision making architectures to service security and resource management requirements in Cyber Physical Systems --Abstract, page iv
FAPMIC: Fake Packet and Selective Packet Drops Attacks Mitigation By Merkle Hash Tree in Intermittently Connected Networks
Delay/Disruption Tolerant Networks (DTNs) are a special category of Intermittently Connected Networks (ICNs). They have features such as long-delay, frequent-disruption, asymmetrical-data-rates, and high-bundle-error-rates. DTNs have been mainly developed for planet-to-planet networks, commonly known as Inter-Planetary-Networks (IPNs). However, DTNs have shown undimmed potency in challenged communication networks, such as DakNet, ZebraNet, KioskNet and WiderNet. Due to unique characteristics (intermittent-connectivity and long-delay), DTNs face tough/huge/several challenges in various research areas, i.e. bundle-forwarding, key-distribution, privacy, bundle-fragmentation, and malicious/selfish nodes particularly. Malicious/selfish nodes launch various catastrophic attacks, including fake packet attacks, selective packet drops attacks, and denial-of-service/flood attacks. These attacks inevitably consume limited resources (persistent-buffer and bandwidth) in DTNs. Fake-packet and selective-packet-drops attacks are top among the challenging attacks in ICNs. The focus of this article is on critical analyses of fake-packet and selective-packet-drops attacks. The panoramic view on misbehavior nodes mitigation algorithms is analyzed and evaluated mathematically through several parameters for detection probability/accuracy. This article presents a novel algorithm to detect/mitigate fake-packet and selective-packet-drops attacks. Trace-driven simulation results show the proposed algorithm of this article accurately (enhanced detection accuracy, reduces false-positive/false-negative rates) detects malicious nodes which launch fake-packet and selective-packet-drops attacks, unlike previously proposed algorithms which detect only one attack (fake-packet or packet-drops at a time) or detect only malicious path (do not exactly detect malicious nodes which launch attacks).
Telecommunications Networks
This book guides readers through the basics of rapidly emerging networks to more advanced concepts and future expectations of Telecommunications Networks. It identifies and examines the most pressing research issues in Telecommunications and it contains chapters written by leading researchers, academics and industry professionals. Telecommunications Networks - Current Status and Future Trends covers surveys of recent publications that investigate key areas of interest such as: IMS, eTOM, 3G/4G, optimization problems, modeling, simulation, quality of service, etc. This book, which is suitable for both PhD and master students, is organized into six sections: New Generation Networks, Quality of Services, Sensor Networks, Telecommunications, Traffic Engineering and Routing.
Secure multi-constrained QoS reliable routing algorithm for vehicular ad hoc networks (VANETs)
This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University London.
Vehicular Ad hoc Networks (VANETs) are a particular form of wireless network made by vehicles communicating among themselves and with roadside base stations. A wide range of services has been developed for VANETs ranging from safety to infotainment applications. A key requirement for such services is that they are offered with Quality of Service (QoS) guarantees in terms of service reliability and availability. Furthermore, due to the openness of VANET’s wireless channels to both internal and external attacks, the application of security mechanisms is mandatory to protect the offered QoS guarantees. QoS routing plays an essential role in identifying routes that meet the QoS requirements of the offered service over VANETs. However, searching for feasible routes subject to multiple QoS constraints is in general an NP-hard problem. Moreover, routing reliability needs to be given special attention as communication links frequently break in VANETs. To date, most existing QoS routing algorithms are designed for stable networks without considering the security of the routing process. Therefore, they are not suitable for applications in VANETs. In this thesis, the above issues are addressed firstly by developing a link reliability model based on the topological and mathematical properties of vehicular movements and velocities. Evolving graph theory is then utilised to model the VANET communication graph and integrate the developed link reliability model into it. Based on the resulting extended evolving graph model, the most reliable route in the network is picked. Secondly, the situational awareness model is applied to the developed reliable routing process because picking the most reliable route does not guarantee reliable transmission. Therefore, a situation-aware reliable multipath routing algorithm for VANETs is proposed.
Thirdly, the Ant Colony Optimisation (ACO) technique is employed to propose an Ant-based multi-constrained QoS (AMCQ) routing algorithm for VANETs. AMCQ is designed to give significant advantages to the implementation of security mechanisms that are intended to protect the QoS routing process. Finally, a novel set of security procedures is proposed to defend the routing process against external and internal threats. Simulation results demonstrate that high levels of QoS can be still guaranteed by AMCQ even when the security procedures are applied.
Modelling and Quantitative Analysis of Performance vs Security Trade-offs in Computer Networks: An investigation into the modelling and discrete-event simulation analysis of performance vs security trade-offs in computer networks, based on combined metrics and stochastic activity networks (SANs)
Performance modelling and evaluation has long been considered of paramount importance to computer networks from design through development, tuning and upgrading. These networks, however, have evolved significantly since their first introduction a few decades ago. The Ubiquitous Web in particular with fast-emerging unprecedented services has become an integral part of everyday life. However, this all is coming at the cost of substantially increased security risks. Hence cybercrime is now a pervasive threat for today’s internet-dependent societies. Given the frequency and variety of attacks as well as the threat of new, more sophisticated and destructive future attacks, security has become a more prevalent and mounting concern in the design and management of computer networks. Therefore equally important if not more so is security.
Unfortunately, there is no one-size-fits-all solution to security challenges. One security defence system can only help to battle against a certain class of security threats. For overall security, a holistic approach including both reactive and proactive security measures is commonly suggested. As such, network security may have to combine multiple layers of defence at the edge and in the network and in its constituent individual nodes.
Performance and security, however, are inextricably intertwined as security measures require considerable amounts of computational resources to execute. Moreover, in the absence of appropriate security measures, frequent security failures are likely to occur, which may catastrophically affect network performance, not to mention serious data breaches among many other security related risks.
In this thesis, we study optimisation problems for the trade-offs between performance and security as they exist between performance and dependability. While performance metrics are widely studied and well-established, those of security are rarely defined in a strict mathematical sense. We therefore aim to conceptualise and formulate security by analogy with dependability so that, like performance, it can be modelled and quantified.
Having employed a stochastic modelling formalism, we propose a new model for a single node of a generic computer network that is subject to various security threats. We believe this nodal model captures both performance and security aspects of a computer node more realistically, in particular the intertwinements between them. We adopt a simulation-based modelling approach in order to identify, on the basis of combined metrics, optimal trade-offs between performance and security and facilitate more sophisticated trade-off optimisation studies in the field.
We realise that system parameters can be found that optimise these abstract combined metrics, while they are optimal neither for performance nor for security individually. Based on the proposed simulation modelling framework, credible numerical experiments are carried out, indicating the scope for further work extensions for a systematic performance vs security tuning of computer networks.