Security and Privacy Issues in Wireless Mesh Networks: A Survey

This book chapter identifies various security threats in wireless mesh network (WMN). Keeping in mind the critical requirement of security and user privacy in WMNs, this chapter provides a comprehensive overview of various possible attacks on different layers of the communication protocol stack for WMNs and their corresponding defense mechanisms. First, it identifies the security vulnerabilities in the physical, link, network, transport, application layers. Furthermore, various possible attacks on the key management protocols, user authentication and access control protocols, and user privacy preservation protocols are presented. After enumerating various possible attacks, the chapter provides a detailed discussion on various existing security mechanisms and protocols to defend against and wherever possible prevent the possible attacks. Comparative analyses are also presented on the security schemes with regards to the cryptographic schemes used, key management strategies deployed, use of any trusted third party, computation and communication overhead involved etc. The chapter then presents a brief discussion on various trust management approaches for WMNs since trust and reputation-based schemes are increasingly becoming popular for enforcing security in wireless networks. A number of open problems in security and privacy issues for WMNs are subsequently discussed before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the author's previous submission in arXiv submission: arXiv:1102.1226. There are some text overlaps with the previous submissio

Hybrid Satellite-Terrestrial Communication Networks for the Maritime Internet of Things: Key Technologies, Opportunities, and Challenges

With the rapid development of marine activities, there has been an increasing number of maritime mobile terminals, as well as a growing demand for high-speed and ultra-reliable maritime communications to keep them connected. Traditionally, the maritime Internet of Things (IoT) is enabled by maritime satellites. However, satellites are seriously restricted by their high latency and relatively low data rate. As an alternative, shore & island-based base stations (BSs) can be built to extend the coverage of terrestrial networks using fourth-generation (4G), fifth-generation (5G), and beyond 5G services. Unmanned aerial vehicles can also be exploited to serve as aerial maritime BSs. Despite of all these approaches, there are still open issues for an efficient maritime communication network (MCN). For example, due to the complicated electromagnetic propagation environment, the limited geometrically available BS sites, and rigorous service demands from mission-critical applications, conventional communication and networking theories and methods should be tailored for maritime scenarios. Towards this end, we provide a survey on the demand for maritime communications, the state-of-the-art MCNs, and key technologies for enhancing transmission efficiency, extending network coverage, and provisioning maritime-specific services. Future challenges in developing an environment-aware, service-driven, and integrated satellite-air-ground MCN to be smart enough to utilize external auxiliary information, e.g., sea state and atmosphere conditions, are also discussed

Supporting Large Scale Communication Systems on Infrastructureless Networks Composed of Commodity Mobile Devices: Practicality, Scalability, and Security.

Infrastructureless Delay Tolerant Networks (DTNs) composed of commodity mobile devices have the potential to support communication applications resistant to blocking and censorship, as well as certain types of surveillance. In this thesis we study the utility, practicality, robustness, and security of these networks. We collected two sets of wireless connectivity traces of commodity mobile devices with different granularity and scales. The first dataset is collected through active installation of measurement software on volunteer users' own smartphones, involving 111 users of a DTN microblogging application that we developed. The second dataset is collected through passive observation of WiFi association events on a university campus, involving 119,055 mobile devices. Simulation results show consistent message delivery performances of the two datasets. Using an epidemic flooding protocol, the large network achieves an average delivery rate of 0.71 in 24 hours and a median delivery delay of 10.9 hours. We show that this performance is appropriate for sharing information that is not time sensitive, e.g., blogs and photos. We also show that using an energy efficient variant of the epidemic flooding protocol, even the large network can support text messages while only consuming 13.7% of a typical smartphone battery in 14 hours. We found that the network delivery rate and delay are robust to denial-of-service and censorship attacks. Attacks that randomly remove 90% of the network participants only reduce delivery rates by less than 10%. Even when subjected to targeted attacks, the network suffered a less than 10% decrease in delivery rate when 40% of its participants were removed. Although structurally robust, the openness of the proposed network introduces numerous security concerns. The Sybil attack, in which a malicious node poses as many identities in order to gain disproportionate influence, is especially dangerous as it breaks the assumption underlying majority voting. Many defenses based on spatial variability of wireless channels exist, and we extend them to be practical for ad hoc networks of commodity 802.11 devices without mutual trust. We present the Mason test, which uses two efficient methods for separating valid channel measurement results of behaving nodes from those falsified by malicious participants.PhDElectrical Engineering: SystemsUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttp://deepblue.lib.umich.edu/bitstream/2027.42/120779/1/liuyue_1.pd

Performance and energy efficiency in wireless self-organized networks

fi=vertaisarvioitu|en=peerReviewed

From cellular networks to mobile cloud computing: security and efficiency of smartphone systems.

In my first year of my Computer Science degree, if somebody had told me that the few years ahead of me could have been the last ones of the so-called PC-era, I would have hardly believed him. Sure, I could imagine computers becoming smaller, faster and cheaper, but I could have never imagined that in such a short time the focus of the market would have so dramatically shifted from PCs to personal devices. Today, smartphones and tablets have become our inseparable companions, changing for the better numerous aspects of our daily life. The way we plan our days, we communicate with people, we listen to music, we search for information, we take pictures, we spend our free time and the way we note our ideas has been totally revolutionized thanks to them. At the same time, thanks also to the rapid growth of the Cloud Computing based services, most of our data and of the Internet services that we use every day are just a login-distance away from any device connected to the Internet that we can find around us. We can edit our documents, look our and our friends’ pictures and videos, share our thoughts, access our bank account, pay our taxes using a familiar interface independently from where we are. What is the most fascinating thing is that all these new possibilities are not anymore at the hand of technically-savvy geeks only, but they are available to newer and older generations alike thanks to the efforts that recently have been put into building user interfaces that feel more natural and intuitive even to totally unexperienced users. Despite of that, we are still far from an ideal world. Service providers, software engineers, hardware manufacturers and security experts are having a hard time in trying to satisfy the always growing expectations of a number of users that is steadily increasing every day. People are always longing for faster mobile connectivity at lower prices, for longer lasting batteries and for more powerful devices. On top of that, users are more and more exposed to new security threats, either because they tend to ignore even the most basic security-practices, or because virus writers have found new ways to exploit the now world-sized market of mobile devices. For instance, more people accessing the Internet from their mobile devices forces the existing network infrastructure to be continuously updated in order to cope with the constantly increase in data consumption. As a consequence, AT&T’s subscribers in the United States were getting extremely slow or no service at all because of the mobile network straining to meet iPhone users’ demand [5]. The company switched from unlimited traffic plans to tiered pricing for mobile data users in summer 2010. Similarly, Dutch T-Mobile’s infrastructure has not been able to cope with intense data traffic, thus forcing the company to issue refunds for affected users [6]. Another important aspect is that of mobile security. Around a billion of people today have their personal information on Facebook and half of them access Facebook from their mobile phone [7]; the size of the online-banking in America has almost doubled since 2004, with 16% of the American mobile users conducting financial-related activities from their mobile device [8]; on 2010, customers spent one billion of dollars buying products on Amazon via mobile devices [9]. These numbers give an idea of the amount of people that today could find themselves in trouble by not giving enough care into protecting their mobile device from unauthorized access. A distracted user who loses his phone, or just forgets it in a public place, even if for a short time only, could allow someone else to get unrestrained access to his online identity. By copying the contents of the phone, including passwords and access keys, an attacker could steal money from the user’s bank account, read the user’s emails, steal the user’s personal files stored on the cloud, use the user’s personal information to conduct scams, frauds, and other crimes using his name and so on. But identity theft is not the only security problem affecting mobile users. Between 2011 and 2012, the number of unique viruses and malwares targeting mobile devices has increased more than six times, according to a recent report [10]. Typically, these try to get installed in the target device by convincing the user to download an infected app, or by making them follow a link to a malicious web site. The problems just exposed are major issues affecting user’s experience nowadays. We believe that finding effective, yet simple and widely adoptable solutions may require a new point of view, a shift in the way these problems are tackled. For these reasons, we evaluated the possibility of using a hybrid approach, that is, one where different technologies are brought together to create new, previously unexplored solutions. We started by considering the issues affecting the mobile network infrastructure. While it is true that the usage of mobile connectivity has significantly increased over the past few years, it is also true that socially close users tend to be interested in the same content, like, the same Youtube videos, the same application updates, the same news and so on. By knowing that, operators, instead of spending billions [11] to update their mobile network, could try an orthogonal approach and leverage an ad-hoc wireless network between the mobile devices, referred to in literature as Pocket Switched Networks [12]. Indeed, most of the smartphones on the market today are equipped with short-ranged radio interfaces (i.e., Bluetooth, WiFi) that allow them to exchange data whenever they are close enough to each other. Popular data could be then stored and transferred directly between devices in the same social context in an ad-hoc fashion instead of being downloaded multiple times from the mobile network. We therefore studied the possibility of channeling traffic to a few, socially important users in the network called VIP delegates, that can help distributing contents to the rest of the network. We evaluated VIP selection strategies that are based on the properties of the social network between mobile devices users. In Chapter 2, through extensive evaluations with real and synthetic traces, we show the effectiveness of VIP delegation both in terms of coverage and required number of VIPs – down to 7% in average of VIPs are needed in campus-like scenarios to offload about 90% of the traffic. These results have also been presented in [1]. Next we moved to the security issues. On of the highest threats to the security of mobile users is that of an identity theft performed using the data stored on the device. The problem highlighted by this kind of attacks is that the most commonly used authentication mechanisms completely fail to distinguish the honest user from somebody who just happens to know the user’s login credentials or private keys. To be resistant to identity theft attacks, an authentication mechanism should, instead, be built to leverage some intrinsic and difficult to replicate characteristic of each user. We proposed the Personal Marks and Community Certificates systems with this aim in mind. They constitute an authentication mechanism that uses the social context sensed by the smartphone by means of Bluetooth or WiFi radios as a biometric way to identify the owner of a device. Personal Marks is a simple cryptographic protocol that works well when the attacker tries to use the stolen credentials in the social community of the victim. Community Certificates works well when the adversary has the goal of using the stolen credentials when interacting with entities that are far from the social network of the victim. When combined, these mechanisms provide an excellent protection against identity theft attacks. In Chapter 3 we prove our ideas and solutions with extensive simulations in both simulated and real world scenarios—with mobility traces collected in a real life experiment. This study appeared in [2]. Another way of accessing the private data of a user, other than getting physical access to his device, could be by means of a malware. An emerging trend in the way people are fooled into installing malware-infected apps is that of exploiting existing trust relationships between socially close users, like those between Facebook friends. In this way, the malware can rapidly expand through social links from a small set of infected devices towards the rest of the network. In our quest for hybrid solutions to the problem of malware spreading in social networks of mobile users we developed a novel approach based on the Mobile Cloud Computing paradigm. In this new paradigm, a mobile device can alleviate the burden of computationally intensive tasks by offloading them to a software clone running on the cloud. Also, the clones associated to devices of users in the same community are connected in a social peer-to-peer network, thus allowing lightweight content sharing between friends. CloudShield is a suite of protocols that provides an efficient way stop the malware spread by sending a small set of patches from the clones to the infected devices. Our experiments on different datasets show that CloudShield is able to better and more efficiently contain malware spreading in mobile wireless networks than the state-of-the-art solutions presented in literature. These findings (which are not included in this dissertation) appeared in [3] and are the result of a joint work with P.h.D student S. Kosta from Sapienza University. My main contribution to this work was in the simulation of both the malware spreading and of the patching protocol schemes on the different social networks datasets. The Mobile Cloud Computing paradigm seems to be an excellent resource for mobile systems. It alleviates battery consumption on smartphones, it helps backing up user’s data on-the-fly and, as CloudShield proves, it can also be used to find new, effective, solutions to existing problems. However, the communication between the mobile devices and their clones needed by such paradigm certainly does not come for free. It costs both in terms of bandwidth (the traffic overhead to communicate with the cloud) and in terms of energy (computation and use of network interfaces on the device). Being aware of the issues that heavy computation or communication can cause to both the battery life of the devices [13], and to the mobile infrastructure, we decided to study the actual feasibility of both mobile computation offloading and mobile software/data backups in real-life scenarios. In our study we considered two types of clones: The off-clone, whose purpose is to support computation offloading, and the back-clone, which comes to use when a restore of user’s data and apps is needed. In Chapter 5 we give a precise evaluation of the feasibility and costs of both off-clones and back-clones in terms of bandwidth and energy consumption on the real device. We achieved this by means measurements done on a real testbed of 11 Android smartphones and on their relative clones running on the Amazon EC2 public cloud. The smartphones have been used as the primary mobile by the participants for the whole experiment duration. This study has been presented in [4] and is the result of a collaboration with P.h.D. Student S. Kosta from Sapienza University. S. Kosta mainly contributed to the experimental setup, deployment of the testbed and data collection

Design and evaluation of a self-configuring wireless mesh network architecture

Wireless network connectivity plays an increasingly important role in supporting our everyday private and professional lives. For over three decades, self-organizing wireless multi-hop ad-hoc networks have been investigated as a decentralized replacement for the traditional forms of wireless networks that rely on a wired infrastructure. However, despite the tremendous efforts of the international wireless research community and widespread availability of devices that are able to support these networks, wireless ad-hoc networks are hardly ever used. In this work, the reasons behind this discrepancy are investigated. It is found that several basic theoretical assumptions on ad-hoc networks prove to be wrong when solutions are deployed in reality, and that several basic functionalities are still missing. It is argued that a hierarchical wireless mesh network architecture, in which specialized, multi-interfaced mesh nodes form a reliable multi-hop wireless backbone for the less capable end-user clients is an essential step in bringing the ad-hoc networking concept one step closer to reality. Therefore, in a second part of this work, algorithms increasing the reliability and supporting the deployment and management of these wireless mesh networks are developed, implemented and evaluated, while keeping the observed limitations and practical considerations in mind. Furthermore, the feasibility of the algorithms is verified by experiment. The performance analysis of these protocols and the ability to deploy the developed algorithms on current generation off-the-shelf hardware indicates the successfulness of the followed research approach, which combines theoretical considerations with practical implementations and observations. However, it was found that there are also many pitfalls to using real-life implementation as a research technique. Therefore, in the last part of this work, a methodology for wireless network research using real-life implementation is developed, allowing researchers to generate more reliable protocols and performance analysis results with less effort

A study on stryi-icnos potatorum and pisum sativum as natural coagulants for meat food processing wastewater

Slow maintained load test is widely used by contractors in Malaysia to ensure the driven pile could accommodate the design load of the structure. Slow maintained load test is a test to determine load-settlement curve and pile capacity for a period of time using conventional load test. Conventional static pile load test equipment is large in size thus making it heavier and takes a long time to install. In addition, it consumes a lot of space which causes congestion at construction sites. Therefore, the objective of this thesis is to conduct a conventional load test by replacing the pile kentledge load with anchorage and reaction pile. Preparations of ten designs comprising six commercial designs were reviewed. In addition, four proposed designs were suggested for the setup. Final design was produced based on its safety factors and criteria referred via literature review. The test frame consists of reaction frame with four reaction helical pile with two helixes per reaction pile. The deformation shapes, safety factor, stress, and strain of the design and finite element of the model has been analysed with the use of SolidWorks and Pia.xis 30 software. SolidWorks software emphasizes on the model load-deflection relationship while Plaxis 30 ensures a correlation of reaction between pile uplift force and soil. Then, the model was tested on site to determine the relationship between physical load­deflection and pile-soil uplift force. The results of uplift force and displacement for numerical and physical test were nearly identical which increment of load­displacement graph pattern. The higher the uplift force, the higher the displacement obtained. In conclusion, the result obtained and the design may be considered as a guideline for future application of sustainable slow maintained pile load test

Energy efficient wireless sensor network protocols for monitoring and prognostics of large scale systems

In this work, energy-efficient protocols for wireless sensor networks (WSN) with applications to prognostics are investigated. Both analytical methods and verification are shown for the proposed methods via either hardware experiments or simulation. This work is presented in five papers. Energy-efficiency methods for WSN include distributed algorithms for i) optimal routing, ii) adaptive scheduling, iii) adaptive transmission power and data-rate control --Abstract, page iv