30 research outputs found

    Artificial immune system based security algorithm for mobile ad hoc networks

    Securing Mobile Ad hoc Networks (MANET) that are a collection of mobile, decentralized, and self-organized nodes is a challenging task. The most fundamental aspect of a MANET is its lack of infrastructure, and most design issues and challenges stem from this characteristic. The lack of a centralized control mechanism brings added difficulty in fault detection and correction. The dynamically changing nature of mobile nodes causes the formation of an unpredictable topology. This varying topology causes frequent traffic routing changes, network partitioning and packet losses. The various attacks that can be carried out on MANETs challenge the security capabilities of the mobile wireless network in which nodes can join, leave and move dynamically. The Human Immune System (HIS) provides a foundation upon which Artificial Immune algorithms are based. The algorithms can be used to secure both host-based and network-based systems. However, it is not only important to utilize the HIS during the development of Artificial Immune System (AIS) based algorithms as much as it is important to introduce an algorithm with high performance. Therefore, creating a balance between utilizing HIS and AIS-based intrusion detection algorithms is a crucial issue that is important to investigate. The immune system is a key to the defence of a host against foreign objects or pathogens. Proper functioning of the immune system is necessary to maintain host homeostasis. The cells that play a fundamental role in this defence process are known as Dendritic Cells (DC). The AIS based Dendritic Cell Algorithm is widely known for its large number of applications and well established in the literature. The dynamic, distributed topology of a MANET provides many challenges, including decentralized infrastructure wherein each node can act as a host, router and relay for traffic. MANETs are a suitable solution for distributed regional, military and emergency networks. 
MANETs do not utilize fixed infrastructure except where a connection to a carrier network is required, and MANET nodes provide the transmission capability to receive, transmit and route traffic from a sender node to the destination node. In the HIS, cells can distinguish between a range of issues including foreign body attacks as well as cellular senescence. The primary purpose of this research is to improve the security of MANET using the AIS framework. This research presents a new defence approach using AIS which mimics the strategy of the HIS combined with Danger Theory. The proposed framework is known as the Artificial Immune System based Security Algorithm (AISBA). This research also modelled participating nodes as a DC and proposed various signals to indicate the MANET communications state. Two trust models were introduced based on AIS signals and effective communication. The trust models proposed in this research helped to distinguish between a “good node” as well as a “selfish node”. A new MANET security attack was identified titled the Packet Storage Time attack wherein the attacker node modifies its queue time to make the packets stay longer than necessary and then circulates stale packets in the network. This attack is detected using the proposed AISBA. This research performed extensive simulations with results to support the effectiveness of the proposed framework, and statistical analysis was done which showed the false positive and false negative probability falls below 5%. Finally, two variations of the AISBA were proposed and investigated, including the Grudger based Artificial Immune System Algorithm - to stimulate selfish nodes to cooperate for the benefit of the MANET and Pain reduction based Artificial Immune System Algorithm - to model Pain analogous to HIS

    Quality of Service (QoS) security in mobile ad hoc networks

    With the rapid proliferation of wireless networks and mobile computing applications, Quality of Service (QoS) for mobile ad hoc networks (MANETs) has received increased attention. Security is a critical aspect of QoS provisioning in the MANET environment. Without protection from a security mechanism, attacks on QoS signaling system could result in QoS routing malfunction, interference of resource reservation, or even failure of QoS provision. Due to the characteristics of the MANETs, such as rapid topology change and limited communication and computation capacity, the conventional security measures cannot be applied and new security techniques are necessary. However, little research has been done on this topic. In this dissertation, the security issues will be addressed for MANET QoS systems. The major contributions of this research are: (a) design of an authentication mechanism for ad hoc networks; (b) design of a security mechanism to prevent and detect attacks on the QoS signaling system; (c) design of an intrusion detection mechanism for bandwidth reservation to detect QoS attacks and Denial of Service (DoS) attacks. These three mechanisms are evaluated through simulation

    Intrusion detection in IPv6-enabled sensor networks.

    In this research, we study efficient and lightweight Intrusion Detection Systems (IDS) for ad-hoc networks through the lens of IPv6-enabled Wireless Sensor Actuator Networks. These networks consist of highly constrained devices able to communicate wirelessly in an ad-hoc fashion, thus following the architecture of ad-hoc networks. Current state of the art IDS in IoT and WSNs have been developed considering the architecture of conventional computer networks, and as such they do not efficiently address the paradigm of ad-hoc networks, which is highly relevant in emerging network paradigms, such as the Internet of Things (IoT). In this context, the network properties of resilience and redundancy have not been extensively studied. In this thesis, we first identify a trade-off between the communication and energy overheads of an IDS (as captured by the number of active IDS agents in the network) and the performance of the system in terms of successfully identifying attacks. In order to fine-tune this trade-off, we model networks as Random Geometric Graphs; these are a rigorous approach that allows us to capture underlying structural properties of the network. We then introduce a novel IDS architectural approach that consists of a central IDS agent and set of distributed IDS agents deployed uniformly at random over the network area. These nodes are able to efficiently detect attacks at the networking layer in a collaborative manner by monitoring locally available network information provided by IoT routing protocols, such as RPL. The detailed experimental evaluation conducted in this research demonstrates significant performance gains in terms of communication overhead and energy dissipation while maintaining high detection rates. We also show that the performance of our IDS in ad-hoc networks does not rely on the size of the network but on fundamental underlying network properties, such as the network topology and the average degree of the nodes. 
The experiments show that our proposed IDS architecture is resilient against frequent topology changes due to node failures

    Performance analysis of wireless intrusion detection systems

    Wireless intrusion detection system (WIDS) has become a matter of increasing concern in recent years as a crucial element in wireless network security. WIDS monitors 802.11 traffic to identify the intrusive activities, and then alerts the complementary prevention part to combat the attacks. Selecting a reliable WIDS system necessitates inevitably taking into account a credible evaluation of WIDSs performance. WIDS effectiveness is considered the basic factor in evaluating the WIDS performance, thus it receives great attention in this thesis. Most previous experimental evaluations of intrusion detection systems (IDSs) were concerned with the wired IDSs, with an apparent lack of evaluating the wireless IDSs (WIDSs). In this thesis, we try to manipulate three main critiques of most previous evaluations; lack of comprehensive evaluation methodology, holistic attack classification, and expressive evaluation metrics. In this thesis, we introduce a comprehensive evaluation methodology that covers all the essential dimensions for a credible evaluation of WIDSs performance. The main pivotal dimensions in our methodology are characterizing and generating the evaluation dataset, defining reliable and expressive evaluation metrics, and overcoming the evaluation limitations. Basically, evaluation dataset consists of two main parts; normal traffic (as a background) and malicious traffic. The background traffic, which comprises normal and benign activities in the absence of attacks, was generated in our experimental evaluation tests as real controlled traffic. The second and important part of the dataset is the malicious traffic which is composed of intrusive activities. Comprehensive and credible evaluation of WIDSs necessitates taking into account all possible attacks. While this is operationally impossible, it is necessary to select representative attack test cases that are extracted mainly from a comprehensive classification of wireless attacks. 
Dealing with this challenge, we have developed a holistic taxonomy of wireless security attacks from the perspective of the WIDS evaluator. The second pivotal dimension in our methodology is defining reliable evaluation metrics. We introduce a new evaluation metric EID (intrusion detection effectiveness) that manipulates the drawbacks of the previously proposed metrics, especially the common drawback of their main notion that leads to measuring a relative effectiveness. The notion of our developed metric EID helps in measuring the actual effectiveness. We also introduce another metric RR (attack recognition rate) to evaluate the ability of WIDS to recognize the attack type. The third important dimension in our methodology is overcoming the evaluation limitations. The great challenge that we have faced in the experimental evaluation of WIDSs is the uncontrolled traffic over the open wireless medium. This uncontrolled traffic affects the accuracy of the measurements. We overcame this problem by constructing an RF shielded testbed to take all the measurements under our control without any interfering from any adjacent stations. Finally, we followed our methodology and conducted experimental evaluation tests of two popular WIDSs (Kismet and AirSnare), and demonstrated the utility of our proposed solutions

    Performance analysis of wireless intrusion detection systems

    The security of wireless networks has received considerable attention in recent years. However, wireless communications face several types of threats and attacks. Consequently, significant efforts aimed at further securing wireless networks have had to be made in order to combat wireless attacks. However, believing that complete prevention of attacks can be achieved at a system's first line of defence (firewalls, encryption, …) is unfortunately only an illusion. Thus, the emphasis is increasingly placed on detecting wireless attacks through a second line of defence, embodied by wireless intrusion detection systems (WIDS). WIDSs inspect wireless traffic conforming to the 802.11 standard, as well as system activities, in order to detect malicious activities. An alert is then sent to the components responsible for prevention to counter the attack. Selecting a reliable WIDS depends mainly on a meticulous evaluation of its performance. The effectiveness of the WIDS is considered the fundamental factor when evaluating its performance, so we give it great attention in this thesis work. Most experimental studies aimed at evaluating intrusion detection systems (IDS) focused on wired IDSs, reflecting a clear shortage in the evaluation of wireless IDSs (WIDS). In this thesis, we focused on three main criticisms of most previous evaluations: the lack of a comprehensive evaluation methodology, of attack classification, and of reliable evaluation metrics. In this thesis, we succeeded in developing a complete evaluation methodology covering all the dimensions necessary for a credible evaluation of WIDS performance. 
The main axes of our methodology are the characterization and generation of evaluation data, and the definition of reliable evaluation metrics while avoiding the limitations of the evaluation. Fundamentally, the evaluation data consist of two main components: normal traffic and malicious traffic. The normal traffic that we generated during our evaluation tests was real traffic that we controlled. The second component of the data, which happens to be the most important, is the malicious traffic consisting of intrusive activities. A complete and credible evaluation of WIDSs requires taking into account all possible attack scenarios and types. Since this is impossible to achieve, it is necessary to select certain representative attack cases, mainly extracted from a complete classification of wireless attacks. To meet this challenge, we developed a comprehensive taxonomy of attacks targeting wireless network security, from the point of view of the WIDS evaluator. The second axis of our methodology is the definition of reliable evaluation metrics. We introduced a new evaluation metric, EID (intrusion detection effectiveness), aimed at overcoming the limitations of previously proposed metrics. We demonstrated the usefulness of the EID metric compared with the other previously proposed metrics, and how it manages to measure actual effectiveness whereas the previous metrics measured only relative effectiveness. EID can equally be used to evaluate the effectiveness of wired and wireless IDSs. We also introduced another metric, denoted RR (recognition rate), to measure the attack recognition attribute. An important problem arises when WIDS evaluation tests are conducted: uncontrolled traffic data on the open transmission medium. 
This uncontrolled traffic seriously affects the relevance of the measurements. To overcome this problem, we built an RF-shielded testbed, which allowed us to take clean measurements without any interference from any source of uncontrolled traffic. Finally, we applied our methodology and carried out experimental evaluations of two popular WIDSs (Kismet and AirSnare); through these practical evaluations we demonstrated the utility of our proposed solutions.

    Mobile Ad-Hoc Networks

    Being infrastructure-less and without central administration control, wireless ad-hoc networking is playing a more and more important role in extending the coverage of traditional wireless infrastructure (cellular networks, wireless LAN, etc). This book includes state-of-the-art techniques and solutions for wireless ad-hoc networks. It focuses on the following topics in ad-hoc networks: quality-of-service and video communication, routing protocol and cross-layer design. A few interesting problems about security and delay-tolerant networks are also discussed. This book is targeted to provide network engineers and researchers with design guidelines for large scale wireless ad hoc networks

    Security protocols suite for machine-to-machine systems

    Nowadays, the great diffusion of advanced devices, such as smart-phones, has shown that there is a growing trend to rely on new technologies to generate and/or support progress; the society is clearly ready to trust next-generation communication systems to face today’s concerns on economic and social fields. The reason for this sociological change is represented by the fact that the technologies have been open to all users, even if the latter do not necessarily have a specific knowledge in this field, and therefore the introduction of new user-friendly applications has now appeared as a business opportunity and a key factor to increase the general cohesion among all citizens. Within the actors of this technological evolution, wireless machine-to-machine (M2M) networks are becoming of great importance. These wireless networks are made up of interconnected low-power devices that are able to provide a great variety of services with little or even no user intervention. Examples of these services can be fleet management, fire detection, utilities consumption (water and energy distribution, etc.) or patients monitoring. However, since any arising technology goes together with its security threats, which have to be faced, further studies are necessary to secure wireless M2M technology. In this context, main threats are those related to attacks to the services availability and to the privacy of both the subscribers’ and the services providers’ data. Taking into account the often limited resources of the M2M devices at the hardware level, ensuring the availability and privacy requirements in the range of M2M applications while minimizing the waste of valuable resources is even more challenging. Based on the above facts, this Ph.D. thesis is aimed at providing efficient security solutions for wireless M2M networks that effectively reduce energy consumption of the network while not affecting the overall security services of the system. 
With this goal, we first propose a coherent taxonomy of M2M network that allows us to identify which security topics deserve special attention and which entities or specific services are particularly threatened. Second, we define an efficient, secure-data aggregation scheme that is able to increase the network lifetime by optimizing the energy consumption of the devices. Third, we propose a novel physical authenticator or frame checker that minimizes the communication costs in wireless channels and that successfully faces exhaustion attacks. Fourth, we study specific aspects of typical key management schemes to provide a novel protocol which ensures the distribution of secret keys for all the cryptographic methods used in this system. Fifth, we describe the collaboration with the WAVE2M community in order to define a proper frame format actually able to support the necessary security services, including the ones that we have already proposed; WAVE2M was funded to promote the global use of an emerging wireless communication technology for ultra-low and long-range services. And finally sixth, we provide an accurate analysis of privacy solutions that actually fit M2M-networks services’ requirements. All the analyses along this thesis are corroborated by simulations that confirm significant improvements in terms of efficiency while supporting the necessary security requirements for M2M networks