
    Routing and Security in Mobile Ad Hoc Networks

    A Mobile Ad hoc Network (MANET) consists of a set of nodes which can form a network among themselves. MANETs have applications in areas such as military, disaster rescue operations, monitoring animal habitats, etc., where establishing fixed communication infrastructure is not feasible. Routing protocols designed for MANETs can be broadly classified as position-based (geographic), topology-based and hybrid. Geographic routing uses location information of nodes to route messages. Topology-based routing uses network state information for route discovery and maintenance. Hybrid routing protocols use features of both position-based and topology-based approaches. Position-based routing protocols route packets towards the destination using greedy forwarding (i.e., an intermediate node forwards packets to a neighbor that is closer to the destination than itself). If a node has no neighbor that is closer to the destination than itself, greedy forwarding fails. In this case, we say there is a void. Different position-based routing protocols use different methods for dealing with voids. Topology-based routing protocols can be classified into on-demand (reactive) routing protocols and proactive routing protocols. Generally, on-demand routing protocols establish routes when needed by flooding route requests throughout the entire network, which is not a scalable approach. Proactive routing protocols try to maintain routes between every pair of nodes by periodically exchanging messages with each other, which is also not a scalable approach. This thesis addresses some of these issues and makes the following contributions. First, we present a position-based routing protocol called Greedy Routing Protocol with Backtracking (GRB) which uses a simple backtracking technique to route around voids, unlike existing position-based routing protocols which construct a planarized graph of the local network to route around voids.
    We compare the performance of our protocol with the well-known Greedy Perimeter Stateless Routing (GPSR) protocol and the Ad-Hoc On-demand Distance Vector (AODV) routing protocol as well as the Dynamic Source Routing (DSR) protocol. Performance evaluation shows that our protocol has less control overhead than DSR, AODV, and GPSR. Performance evaluation also shows that our protocol has a higher packet-delivery ratio, lower end-to-end delay, and lower hop count, on average, compared to AODV, DSR and GPSR. We then present an on-demand routing protocol called "Hybrid On-demand Greedy Routing Protocol with Backtracking for Mobile Ad-Hoc Networks" which uses a greedy approach for route discovery. This avoids flooding route requests, unlike the existing on-demand routing protocols. This approach also helps in finding routes that have lower hop counts than AODV and DSR. Our performance evaluation confirms that our protocol performs better than AODV and DSR, on average, with respect to hop count, packet-delivery ratio and control overhead. In MANETs, all nodes need to cooperate to establish routes. Establishing secure and valid routes in the presence of adversaries is a challenge in MANETs. Some of the well-known source routing protocols presented in the literature (e.g., Ariadne and endairA) which claim to establish secure routes are susceptible to hidden channel attacks. We address this issue and present a secure routing protocol called SAriadne, based on sanitizable signatures. We show that our protocol detects and prevents hidden channel attacks.

    Non-Hierarchical Networks for Censorship-Resistant Personal Communication.

    The Internet promises widespread access to the world's collective information and fast communication among people, but common government censorship and spying undermine this potential. This censorship is facilitated by the Internet's hierarchical structure. Most traffic flows through routers owned by a small number of ISPs, who can be secretly coerced into aiding such efforts. Traditional cryptographic defenses are confusing to common users. This thesis advocates direct removal of the underlying hierarchical infrastructure instead, replacing it with non-hierarchical networks. These networks lack such chokepoints, instead requiring would-be censors to control a substantial fraction of the participating devices—an expensive proposition. We take four steps towards the development of practical non-hierarchical networks. (1) We first describe Whisper, a non-hierarchical mobile ad hoc network (MANET) architecture for personal communication among friends and family that resists censorship and surveillance. At its core are two novel techniques, an efficient routing scheme based on the predictability of human locations and a variant of onion-routing suitable for decentralized MANETs. (2) We describe the design and implementation of Shout, a MANET architecture for censorship-resistant, Twitter-like public microblogging. (3) We describe the Mason test, a method used to detect Sybil attacks in ad hoc networks in which trusted authorities are not available. (4) We characterize and model the aggregate behavior of Twitter users to enable simulation-based study of systems like Shout. We use our characterization of the retweet graph to analyze a novel spammer detection technique for Shout.
    PhD, Computer Science & Engineering, University of Michigan, Horace H. Rackham School of Graduate Studies
    http://deepblue.lib.umich.edu/bitstream/2027.42/107314/1/drbild_1.pd

    Scalable and Secure Multicast Routing for Mobile Ad-hoc Networks

    Mobile Ad-Hoc Networks (MANETs) are decentralized and autonomous communication systems: they can be used to provide connectivity when a natural disaster has brought down the infrastructure, or they can support freedom of speech in countries with governmental Internet restrictions. MANET design requires careful attention to scalability and security due to low-capacity and error-prone wireless links as well as the openness of these systems. In this thesis, we address the issue of multicast as a means to efficiently support the MANET application of group communication on the network layer. To this aim, we first survey the research literature on the current state of the art in MANET routing, and we identify a gap between scalability and security in multicast routing protocols, two aspects that were only considered in isolation until now. We then develop an explicit multicast protocol based on the design of a secure unicast protocol, aiming to maintain its security properties while introducing minimal overhead. Our simulation results reveal that our protocol reduces bandwidth utilization in group communication scenarios by up to 45 % compared to the original unicast protocol, while providing significantly better resilience under blackhole attacks. A comparison with pure flooding allows us to identify a practical group size limit, and we present ideas for better large-group support.

    A Taxonomy for and Analysis of Anonymous Communications Networks

    Any entity operating in cyberspace is susceptible to debilitating attacks. With cyber attacks intended to gather intelligence and disrupt communications rapidly replacing the threat of conventional and nuclear attacks, a new age of warfare is at hand. In 2003, the United States acknowledged that the speed and anonymity of cyber attacks make distinguishing among the actions of terrorists, criminals, and nation states difficult. Even President Obama's Cybersecurity Chief-elect recognizes the challenge of increasingly sophisticated cyber attacks. Now through April 2009, the White House is reviewing federal cyber initiatives to protect US citizens' privacy rights. Indeed, the rising quantity and ubiquity of new surveillance technologies in cyberspace enable instant, undetectable, and unsolicited information collection about entities. Hence, anonymity and privacy are becoming increasingly important issues. Anonymization enables entities to protect their data and systems from a diverse set of cyber attacks and preserves privacy. This research provides a systematic analysis of anonymity degradation, preservation and elimination in cyberspace to enhance the security of information assets. This includes discovery/obfuscation of identities and actions of/from potential adversaries. First, novel taxonomies are developed for classifying and comparing well-established anonymous networking protocols. These expand the classical definition of anonymity and capture the peer-to-peer and mobile ad hoc anonymous protocol family relationships. Second, a unique synthesis of state-of-the-art anonymity metrics is provided. This significantly aids an entity's ability to reliably measure changing anonymity levels, thereby increasing its ability to defend against cyber attacks. Finally, a novel epistemic-based mathematical model is created to characterize how an adversary reasons with knowledge to degrade anonymity.
    This offers multiple anonymity property representations and well-defined logical proofs to ensure the accuracy and correctness of current and future anonymous network protocol design.

    Mechanism design-based leader election scheme for intrusion detection in MANET

    We study leader election in the presence of selfish nodes for intrusion detection systems (IDS) in a mobile ad hoc network (MANET). To balance the resource consumption among all nodes and prolong the lifetime of a MANET, nodes with the most remaining resources should be elected as the leaders. However, without incentives for serving others, a node may behave selfishly by lying about its remaining resources and avoiding being elected. We present a solution based on mechanism design theory. More specifically, we design a scheme for electing cluster leaders that has the following two advantages: First, the collection of elected leaders is optimal in the sense that the overall resource consumption will be balanced among all nodes in the network over time. Second, the scheme provides the leaders with incentives in the form of reputation so that nodes are encouraged to honestly participate in the election process. The design of such incentives is based on the Vickrey, Clarke, and Groves (VCG) model, by which truth-telling is the dominant strategy for each node. Simulation results show that our scheme can effectively prolong the overall lifetime of IDS in a MANET and balance the resource consumption among all the nodes.

    Efficient, Reliable and Secure Distributed Protocols for MANETs

    This thesis is divided into two parts. The first part explores the difficulties of bootstrapping and maintaining a security infrastructure for military Mobile Ad Hoc NETworks (MANETs). The assumed absence of dedicated infrastructural elements necessitates that security services in ad hoc networks be built from the ground up. We develop a cluster algorithm, incorporating a trust metric in the cluster head selection process, to securely determine the constituting nodes of a distributed Trust Authority (TA) for MANETs. Following this, we develop non-interactive key distribution protocols for the distribution of symmetric keys in MANETs. We explore the computational requirements of our protocols and simulate the key distribution process. The second part of this thesis builds upon the security infrastructure of the first part and examines two distributed protocols for MANETs. Firstly, we present a novel algorithm for enhancing the efficiency and robustness of distributed protocols for contacting TA nodes in MANETs. Our algorithm determines a quorum of trust authority nodes required for a distributed protocol run based upon a set of quality metrics, and establishes an efficient routing strategy to contact these nodes. Secondly, we present a probabilistic path authentication scheme based on message authentication codes (MACs). Our scheme minimises both communication and computation overhead in authenticating the path over which a stream of packets travels and facilitates the detection of adversarial nodes on the path.

    NETWORK AND DOMAIN AUTOCONFIGURATION: A UNIFIED FRAMEWORK FOR LARGE MOBILE AD HOC NETWORKS

    Configuration management is critical to correct and efficient operation of large networks. In those cases where the users and networks are dynamic and ad hoc, manual configuration quickly becomes too complex. The combination of the sheer number of nodes with their heterogeneity and dynamics makes it almost impossible for the system administrator to ensure good configuration or even correct operation. To achieve the vision of pervasive computing, nodes must automatically discover their environment and self-configure, then must automatically reconfigure to adapt to changes. Protocols such as DHCP, DDNS and mDNS provide some degree of host autoconfiguration, but network administrators must still configure information such as address pools, routing protocols, or OSPF routing areas. Only limited progress has been made to automate the configuration of routers, servers and network topology. This dissertation proposes the autoconfiguration of most host, router and server information, including the automatic generation and maintenance of hierarchy, under the same architectural, algorithmic and protocol framework. The proposed unified framework consists of modules (DRCP, DCDP, YAP, ACA) responsible for entity autoconfiguration and of a modified and well-adjusted general optimization (Simulated Annealing, SA) based algorithm for domain autoconfiguration. Due to the generality of the optimization algorithm, the generated hierarchy can improve dynamically selected network performance aspects represented by appropriately designed objective functions and constraints. An indicative set related to the physical characteristics of the domains and node mobility is provided. Even though SA has been adjusted for faster convergence, it may still be unable to capture the dynamics of rapidly changing networks. Thus, a faster but suboptimal distributed hierarchy generation mechanism that follows the design philosophy of the SA-based mechanism has also been introduced.
    Inevitably, due to network dynamics, the quality of the hierarchy will degrade. In such scenarios, the frequent reapplication of the expensive optimization-based hierarchy generation is prohibitive. Hence, to extend the domain formation framework, distributed maintenance mechanisms have been proposed for restoring the feasibility and quality of the hierarchy by enforcing localized decisions. The proposed framework has been applied to provide solutions to some realistic network problems related to hierarchical routing and topology control.

    Mesh-Mon: a Monitoring and Management System for Wireless Mesh Networks

    A mesh network is a network of wireless routers that employ multi-hop routing and can be used to provide network access for mobile clients. Mobile mesh networks can be deployed rapidly to provide an alternate communication infrastructure for emergency response operations in areas with limited or damaged infrastructure. In this dissertation, we present Dart-Mesh: a Linux-based layer-3 dual-radio two-tiered mesh network that provides complete 802.11b coverage in the Sudikoff Lab for Computer Science at Dartmouth College. We faced several challenges in building, testing, monitoring and managing this network. These challenges motivated us to design and implement Mesh-Mon, a network monitoring system to aid system administrators in the management of a mobile mesh network. Mesh-Mon is a scalable, distributed and decentralized management system in which mesh nodes cooperate in a proactive manner to help detect, diagnose and resolve network problems automatically. Mesh-Mon is independent of the routing protocol used by the mesh routing layer and can function even if the routing protocol fails. We demonstrate this feature by running Mesh-Mon on two versions of Dart-Mesh, one running AODV (a reactive mesh routing protocol) and the second running OLSR (a proactive mesh routing protocol), in separate experiments. Mobility can cause links to break, leading to disconnected partitions. We identify critical nodes in the network, whose failure may cause a partition. We introduce two new metrics based on social-network analysis, the Localized Bridging Centrality (LBC) metric and the Localized Load-aware Bridging Centrality (LLBC) metric, that can identify critical nodes efficiently and in a fully distributed manner. We run a monitoring component on client nodes, called Mesh-Mon-Ami, which also assists Mesh-Mon nodes in the dissemination of management information between physically disconnected partitions by acting as a carrier for management data.
    We conclude, from our experimental evaluation on our 16-node Dart-Mesh testbed, that our system solves several management challenges in a scalable manner, and is a useful and effective tool for monitoring and managing real-world mesh networks.