Secure Many-to-One Communications in Wireless Sensor Networks

Wireless Sensor Networks (WSN) are formed by nodes with limited computational and power resources. WSNs are finding an increasing number of applications, both civilian and military, most of which require security for the sensed data being collected by the base station from remote sensor nodes. In addition, when many sensor nodes transmit to the base station, the implosion problem arises. Providing security measures and implosion-resistance in a resource-limited environment is a real challenge. This article reviews the aggregation strategies proposed in the literature to handle the bandwidth and security problems related to many-to-one transmission in WSNs. Recent contributions to secure lossless many-to-one communication developed by the authors in the context of several Spanish-funded projects are surveyed. Ongoing work on the secure lossy many-to-one communication is also sketched

End-to-end security in active networks

Active network solutions have been proposed to many of the problems caused by the increasing heterogeneity of the Internet. These ystems allow nodes within the network to process data passing through in several ways. Allowing code from various sources to run on routers introduces numerous security concerns that have been addressed by research into safe languages, restricted execution environments, and other related areas. But little attention has been paid to an even more critical question: the effect on end-to-end security of active flow manipulation. This thesis first examines the threat model implicit in active networks. It develops a framework of security protocols in use at various layers of the networking stack, and their utility to multimedia transport and flow processing, and asks if it is reasonable to give active routers access to the plaintext of these flows. After considering the various security problem introduced, such as vulnerability to attacks on intermediaries or coercion, it concludes not. We then ask if active network systems can be built that maintain end-to-end security without seriously degrading the functionality they provide. We describe the design and analysis of three such protocols: a distributed packet filtering system that can be used to adjust multimedia bandwidth requirements and defend against denial-of-service attacks; an efficient composition of link and transport-layer reliability mechanisms that increases the performance of TCP over lossy wireless links; and a distributed watermarking servicethat can efficiently deliver media flows marked with the identity of their recipients. In all three cases, similar functionality is provided to designs that do not maintain end-to-end security. Finally, we reconsider traditional end-to-end arguments in both networking and security, and show that they have continuing importance for Internet design. Our watermarking work adds the concept of splitting trust throughout a network to that model; we suggest further applications of this idea

In-Network Processing For Mission-Criticalwireless Networked Sensing And Control: A Real-Time, Efficiency, And Resiliency Perspective

As wireless cyber-physical systems (WCPS) are increasingly being deployed in mission-critical applications, it becomes imperative that we consider application QoS requirements in in-network processing (INP). In this dissertation, we explore the potentials of two INP methods, packet packing and network coding, on improving network performance while satisfying application QoS requirements. We find that not only can these two techniques increase the energy efficiency, reliability, and throughput of WCPS while satisfying QoS requirements of applications in a relatively static environment, but also they can provide low cost proactive protection against transient node failures in a more dynamic wireless environment. We first study the problem of jointly optimizing packet packing and the timeliness of data delivery. We identify the conditions under which the problem is strong NP-hard, and we find that the problem complexity heavily depends on aggregation constraints instead of network and traffic properties. For cases when the problem is NP-hard, we show that there is no polynomial-time approximation scheme (PTAS); for cases when the problem can be solved in polynomial time, we design polynomial time, offline algorithms for finding the optimal packet packing schemes. We design a distributed, online protocol tPack that schedules packet transmissions to maximize the local utility of packet packing at each node. We evaluate the properties of tPack in NetEye testbed. We find that jointly optimizing data delivery timeliness and packet packing and considering real-world aggregation constraints significantly improve network performance. We then work on the problem of minimizing the transmission cost of network coding based routing in sensor networks. We propose the first mathematical framework so far as we know on how to theoretically compute the expected transmission cost of NC-based routing in terms of expected number of transmission. Based on this framework, we design a polynomial-time greedy algorithm for forwarder set selection and prove its optimality on transmission cost minimization. We designed EENCR, an energy-efficient NC-based routing protocol that implement our forwarder set selection algorithm to minimize the overall transmission cost. Through comparative study on EENCR and other state-of-the-art routing protocols, we show that EENCR significantly outperforms CTP, MORE and CodeOR in delivery reliability, delivery cost and network goodput. Furthermore, we study the 1+1 proactive protection problem using network coding. We show that even under a simplified setting, finding two node-disjoint routing braids with minimal total cost is NP-hard. We then design a heuristic algorithm to construct two node-disjoint braids with a transmission cost upper bounded by two shortest node-disjoint paths. And we design ProNCP, a proactive NC-based protection protocol using similar design philosophy as in EENCR. We evaluate the performance of ProNCP under various transient network failure scenarios. Experiment results show that ProNCP is resilient to various network failure scenarios and provides a state performance in terms of reliability, delivery cost and goodput. Our findings in this dissertation explore the challenges, benefits and solutions in designing real-time, efficient, resilient and QoS-guaranteed wireless cyber-physical systems, and our solutions shed lights for future research on related topics

Quality of service aware data dissemination in vehicular Ad Hoc networks

Des systèmes de transport intelligents (STI) seront éventuellement fournis dans un proche avenir pour la sécurité et le confort des personnes lors de leurs déplacements sur les routes. Les réseaux ad-hoc véhiculaires (VANETs) représentent l'élément clé des STI. Les VANETs sont formés par des véhicules qui communiquent entre eux et avec l'infrastructure. En effet, les véhicules pourront échanger des messages qui comprennent, par exemple, des informations sur la circulation routière, les situations d'urgence et les divertissements. En particulier, les messages d'urgence sont diffusés par des véhicules en cas d'urgence (p.ex. un accident de voiture); afin de permettre aux conducteurs de réagir à temps (p.ex., ralentir), les messages d'urgence doivent être diffusés de manière fiable dans un délai très court. Dans les VANETs, il existe plusieurs facteurs, tels que le canal à pertes, les terminaux cachés, les interférences et la bande passante limitée, qui compliquent énormément la satisfaction des exigences de fiabilité et de délai des messages d'urgence. Dans cette thèse, en guise de première contribution, nous proposons un schéma de diffusion efficace à plusieurs sauts, appelé Dynamic Partitioning Scheme (DPS), pour diffuser les messages d'urgence. DPS calcule les tailles de partitions dynamiques et le calendrier de transmission pour chaque partition; à l'intérieur de la zone arrière de l'expéditeur, les partitions sont calculées de sorte qu'en moyenne chaque partition contient au moins un seul véhicule; l'objectif est de s'assurer que seul un véhicule dans la partition la plus éloignée (de l'expéditeur) est utilisé pour diffuser le message, jusqu'au saut suivant; ceci donne lieu à un délai d'un saut plus court. DPS assure une diffusion rapide des messages d'urgence. En outre, un nouveau mécanisme d'établissement de liaison, qui utilise des tonalités occupées, est proposé pour résoudre le problème du problème de terminal caché. Dans les VANETs, la Multidiffusion, c'est-à-dire la transmission d'un message d'une source à un nombre limité de véhicules connus en tant que destinations, est très importante. Par rapport à la diffusion unique, avec Multidiffusion, la source peut simultanément prendre en charge plusieurs destinations, via une arborescence de multidiffusion, ce qui permet d'économiser de la bande passante et de réduire la congestion du réseau. Cependant, puisque les VANETs ont une topologie dynamique, le maintien de la connectivité de l'arbre de multidiffusion est un problème majeur. Comme deuxième contribution, nous proposons deux approches pour modéliser l'utilisation totale de bande passante d'une arborescence de multidiffusion: (i) la première approche considère le nombre de segments de route impliqués dans l'arbre de multidiffusion et (ii) la seconde approche considère le nombre d'intersections relais dans l'arbre de multidiffusion. Une heuristique est proposée pour chaque approche. Pour assurer la qualité de service de l'arbre de multidiffusion, des procédures efficaces sont proposées pour le suivi des destinations et la surveillance de la qualité de service des segments de route. Comme troisième contribution, nous étudions le problème de la congestion causée par le routage du trafic de données dans les VANETs. Nous proposons (1) une approche de routage basée sur l’infonuagique qui, contrairement aux approches existantes, prend en compte les chemins de routage existants qui relaient déjà les données dans les VANETs. Les nouvelles demandes de routage sont traitées de sorte qu'aucun segment de route ne soit surchargé par plusieurs chemins de routage croisés. Au lieu d'acheminer les données en utilisant des chemins de routage sur un nombre limité de segments de route, notre approche équilibre la charge des données en utilisant des chemins de routage sur l'ensemble des tronçons routiers urbains, dans le but d'empêcher, dans la mesure du possible, les congestions locales dans les VANETs; et (2) une approche basée sur le réseau défini par logiciel (SDN) pour surveiller la connectivité VANET en temps réel et les délais de transmission sur chaque segment de route. Les données de surveillance sont utilisées en entrée de l'approche de routage.Intelligent Transportation Systems (ITS) will be eventually provided in the near future for both safety and comfort of people during their travel on the roads. Vehicular ad-hoc Networks (VANETs), represent the key component of ITS. VANETs consist of vehicles that communicate with each other and with the infrastructure. Indeed, vehicles will be able to exchange messages that include, for example, information about road traffic, emergency situations, and entertainment. Particularly, emergency messages are broadcasted by vehicles in case of an emergency (e.g., car accident); in order to allow drivers to react in time (e.g., slow down), emergency messages must be reliably disseminated with very short delay. In VANETs, there are several factors, such as lossy channel, hidden terminals, interferences and scarce bandwidth, which make satisfying reliability and delay requirements of emergency messages very challenging. In this thesis, as the first contribution, we propose a reliable time-efficient and multi-hop broadcasting scheme, called Dynamic Partitioning Scheme (DPS), to disseminate emergency messages. DPS computes dynamic partition sizes and the transmission schedule for each partition; inside the back area of the sender, the partitions are computed such that in average each partition contains at least a single vehicle; the objective is to ensure that only a vehicle in the farthest partition (from the sender) is used to disseminate the message, to next hop, resulting in shorter one hop delay. DPS ensures fast dissemination of emergency messages. Moreover, a new handshaking mechanism, that uses busy tones, is proposed to solve the problem of hidden terminal problem. In VANETs, Multicasting, i.e. delivering a message from a source to a limited known number of vehicles as destinations, is very important. Compared to Unicasting, with Multicasting, the source can simultaneously support multiple destinations, via a multicast tree, saving bandwidth and reducing overall communication congestion. However, since VANETs have a dynamic topology, maintaining the connectivity of the multicast tree is a major issue. As the second contribution, we propose two approaches to model total bandwidth usage of a multicast tree: (i) the first approach considers the number of road segments involved in the multicast tree and (ii) the second approach considers the number of relaying intersections involved in the multicast tree. A heuristic is proposed for each approach. To ensure QoS of the multicasting tree, efficient procedures are proposed for tracking destinations and monitoring QoS of road segments. As the third contribution, we study the problem of network congestion in routing data traffic in VANETs. We propose (1) a Cloud-based routing approach that, in opposition to existing approaches, takes into account existing routing paths which are already relaying data in VANETs. New routing requests are processed such that no road segment gets overloaded by multiple crossing routing paths. Instead of routing over a limited set of road segments, our approach balances the load of communication paths over the whole urban road segments, with the objective to prevent, whenever possible, local congestions in VANETs; and (2) a Software Defined Networking (SDN) based approach to monitor real-time VANETs connectivity and transmission delays on each road segment. The monitoring data is used as input to the routing approach

Cross-layer design for network performance optimization in wireless networks

In this dissertation, I use mathematical optimization approach to solve the complex network problems. Paper l and paper 2 first show that ignoring the bandwidth constraint can lead to infeasible routing solutions. A sufficient condition on link bandwidth is proposed that makes a routing solution feasible, and then a mathematical optimization model based on this sufficient condition is provided. Simulation results show that joint optimization models can provide more feasible routing solutions and provide significant improvement on throughput and lifetime. In paper 3 and paper 4, an interference model is proposed and a transmission scheduling scheme is presented to minimize the end-to-end delay. This scheduling scheme is designed based on integer linear programming and involves interference modeling. Using this schedule, there are no conflicting transmissions at any time. Through simulation, it shows that the proposed link scheduling scheme can significantly reduce end-to-end latency. Since to compute the maximum throughput is an NP-hard problem, efficient heuristics are presented in Paper 5 that use sufficient conditions instead of the computationally-expensive-to-get optimal condition to capture the mutual conflict relation in a collision domain. Both one-way transmission and two-way transmission are considered. Simulation results show that the proposed algorithms improve network throughput and reduce energy consumption, with significant improvement over previous work on both aspects. Paper 6 studies the complicated tradeoff relation among multiple factors that affect the sensor network lifetime and proposes an adaptive multi-hop clustering algorithm. It realizes the best tradeoff among multiple factors and outperforms others that do not. It is adaptive in the sense the clustering topology changes over time in order to have the maximum lifetime --Abstract, page iv

Energy Efficient Downstream Communication in Wireless Sensor Networks

This dissertation studies the problem of energy efficient downstream communication in Wireless Sensor Networks (WSNs). First, we present the Opportunistic Source Routing (OSR), a scalable, reliable, and energy-efficient downward routing protocol for individual node actuation in data collection WSNs. OSR introduces opportunistic routing into traditional source routing based on the parent set of a node’s upward routing in data collection, significantly addressing the drastic link dynamics in low-power and lossy WSNs. We devise a novel adaptive Bloom filter mechanism to effectively and efficiently encode a downward source-route in OSR, which enables a significant reduction of the length of source-route field in the packet header. OSR is scalable to very large-size WSN deployments, since each resource-constrained node in the network stores only the set of its direct children. The probabilistic nature of the Bloom filter passively explores opportunistic routing. Upon a delivery failure at any hop along the downward path, OSR actively performs opportunistic routing to bypass the obsolete/bad link. The evaluations in both simulations and real-world testbed experiments demonstrate that OSR significantly outperforms the existing approaches in scalability, reliability, and energy efficiency. Secondly, we propose a mobile code dissemination tool for heterogeneous WSN deployments operating on low power links. The evaluation in lab experiment and a real world WSN testbed shows how our tool reduces the laborious work to reprogram nodes for updating the application. Finally, we present an empirical study of the network dynamics of an out-door heterogeneous WSN deployment and devise a benchmark data suite. The network dynamics analysis includes link level characteristics, topological characteristics, and temporal characteristics. The unique features of the benchmark data suite include the full path information and our approach to fill the missing paths based on the principle of the routing protocol

Machine Learning in Wireless Sensor Networks: Algorithms, Strategies, and Applications

Wireless sensor networks monitor dynamic environments that change rapidly over time. This dynamic behavior is either caused by external factors or initiated by the system designers themselves. To adapt to such conditions, sensor networks often adopt machine learning techniques to eliminate the need for unnecessary redesign. Machine learning also inspires many practical solutions that maximize resource utilization and prolong the lifespan of the network. In this paper, we present an extensive literature review over the period 2002-2013 of machine learning methods that were used to address common issues in wireless sensor networks (WSNs). The advantages and disadvantages of each proposed algorithm are evaluated against the corresponding problem. We also provide a comparative guide to aid WSN designers in developing suitable machine learning solutions for their specific application challenges.Comment: Accepted for publication in IEEE Communications Surveys and Tutorial