23 research outputs found

    Security in Delay Tolerant Networks

    Delay- and Disruption-tolerant wireless networks (DTN), or opportunistic networks, represent a class of networks where continuous end-to-end connectivity may not be possible. DTN is a well recognized area in networking research and has attracted extensive attention from both network designers and application developers. Applications of this emergent communication paradigm are wide ranging and include sensor networks using scheduled intermittent connectivity, vehicular DTNs for dissemination of location-dependent information (e.g., local ads, traffic reports, parking information, etc.), pocket-switched networks to allow humans to communicate without network infrastructure, and underwater acoustic networks with moderate delays and frequent interruptions due to environmental factors, etc. Security is one of the main barriers to wide-scale deployment of DTNs, but has gained little attention so far. On the one hand, similar to traditional mobile ad hoc networks, the open channel and multi-hop transmission have made DTNs vulnerable to various security threats, such as message modification/injection attack or unauthorized access and utilization of DTN resources. On the other hand, the unique security characteristics of DTNs, including long round-trip delay, frequent disconnectivity, fragmentation, opportunistic routing as well as limited computational and storage capability, make the existing security protocols designed for the conventional ad hoc networks unsuitable for DTNs. Therefore, a series of new security protocols are highly desired to meet stringent security and efficiency requirements for securing DTNs.
In this research, we focus on three fundamental security issues in DTNs: efficient DTN message (or bundle) authentication, which is a critical security service for DTN security; the incentive issue, which aims at stimulating selfish nodes to forward data for others; and the certificate revocation issue, which is an important part of public key management and serves as the foundation of any DTN security protocol. We have made the following contributions: First of all, the unique "store-carry-and-forward" transmission characteristic of DTNs implies that bundles from distinct/common senders may opportunistically be buffered at some common intermediate nodes. Such a "buffering" characteristic distinguishes DTN from any other traditional wireless networks, for which intermediate cache is not supported. To exploit such buffering opportunities, we propose an Opportunistic Batch Bundle Authentication Scheme (OBBA) to dramatically reduce the bundle authentication cost by seamlessly integrating identity-based batch signatures and Merkle tree techniques. Secondly, we propose a secure multi-layer credit based incentive scheme to stimulate bundle forwarding cooperation among DTN nodes. The proposed scheme can be implemented in a fully distributed manner to thwart various attacks without relying on any tamper-proof hardware. In addition, we introduce several efficiency-optimization techniques to improve the overall efficiency by exploiting the unique characteristics of DTNs. Lastly, we propose a storage-efficient public key certificate validation method. Our proposed scheme exploits the opportunistic propagation to transmit the Certificate Revocation List (CRL) while taking advantage of the Bloom filter technique to reduce the required buffer size. We also discuss how to take advantage of cooperative checking to minimize false positive rate and storage consumption.
For each research issue, detailed simulation results in terms of computational time, transmission overhead and power consumption are given to validate the efficiency and effectiveness of the proposed security solutions.

    Content Distribution in Vehicular Networks with Filtering Mechanisms (Distribuição de conteúdos em redes veiculares com mecanismos de filtragem)

    Master's in Electronics and Telecommunications Engineering. Connectivity represents one of people's great needs since the beginning of times. From the start, people have a desire to be connected to each other and to the rest of the world. Such has not changed in modern times, especially in the era of new technologies where connecting with someone is only a few clicks away. From the point of view of engineers in the area of telecommunications, this fast development in wireless communications has been especially outstanding. Due to this constant need for communication, VANETs (Vehicular Ad-Hoc Networks) are currently attracting significant attention. Such attention is due to the fact that vehicular networks may be used for, not only potentially safer driving, they also provide its users with Internet access.
Vehicular Networks have specific characteristics when compared to other types of networks, such as the high number of vehicles or nodes, unpredictable routes and the constant loss of connectivity between these nodes, thus revealing several challenges which propose studies to solve them. The solution found for the intermittent connectivity involves the use of DTNs (Delay-Tolerant Networks) whose architecture ensures the delivery of information even without knowledge of the whole path it must travel. This Masters Dissertation focuses on the study of non-urgent content dissemination through the use of DTNs, ensuring that this same dissemination is done within the shortest time frame and with the minimum congestion possible in the network. Currently, though the information delivery is already performed in the network with a satisfactory time frame, the implemented strategies force considerable congestion in the network. To overcome this effect, a dissemination strategy was developed through the use of Bloom Filters, a data structure capable of eliminating most of the unnecessary access to memory, by ensuring a node the existence of a specific packet, with a certain probability, from among all the information its neighbours contain. This strategy was implemented in the DTN software mOVERS, developed by Instituto de Telecomunicações in Aveiro (IT) and Veniam® and posteriorly tested in the same emulator. The emulator used simulates a vehicular network with information gathered from the vehicular network in the city of Porto. After the analysis of the obtained results, it was concluded that the new proposed dissemination strategy, named FILTER, has fulfilled its primary objective, namely, the reduction of the vehicular network's overhead, with a small loss in the delivery rate of the information. For future work, it is advisable to perform a more extensive study in methods related to the information's usefulness to a neighbour to optimize such delivery rate.

    Supporting Large Scale Communication Systems on Infrastructureless Networks Composed of Commodity Mobile Devices: Practicality, Scalability, and Security.

    Infrastructureless Delay Tolerant Networks (DTNs) composed of commodity mobile devices have the potential to support communication applications resistant to blocking and censorship, as well as certain types of surveillance. In this thesis we study the utility, practicality, robustness, and security of these networks. We collected two sets of wireless connectivity traces of commodity mobile devices with different granularity and scales. The first dataset is collected through active installation of measurement software on volunteer users' own smartphones, involving 111 users of a DTN microblogging application that we developed. The second dataset is collected through passive observation of WiFi association events on a university campus, involving 119,055 mobile devices. Simulation results show consistent message delivery performances of the two datasets. Using an epidemic flooding protocol, the large network achieves an average delivery rate of 0.71 in 24 hours and a median delivery delay of 10.9 hours. We show that this performance is appropriate for sharing information that is not time sensitive, e.g., blogs and photos. We also show that using an energy efficient variant of the epidemic flooding protocol, even the large network can support text messages while only consuming 13.7% of a typical smartphone battery in 14 hours. We found that the network delivery rate and delay are robust to denial-of-service and censorship attacks. Attacks that randomly remove 90% of the network participants only reduce delivery rates by less than 10%. Even when subjected to targeted attacks, the network suffered a less than 10% decrease in delivery rate when 40% of its participants were removed. Although structurally robust, the openness of the proposed network introduces numerous security concerns. 
The Sybil attack, in which a malicious node poses as many identities in order to gain disproportionate influence, is especially dangerous as it breaks the assumption underlying majority voting. Many defenses based on spatial variability of wireless channels exist, and we extend them to be practical for ad hoc networks of commodity 802.11 devices without mutual trust. We present the Mason test, which uses two efficient methods for separating valid channel measurement results of behaving nodes from those falsified by malicious participants.
    PhD, Electrical Engineering: Systems, University of Michigan, Horace H. Rackham School of Graduate Studies. http://deepblue.lib.umich.edu/bitstream/2027.42/120779/1/liuyue_1.pd

    PERFORMANCE EVALUATION OF DISRUPTION TOLERANT NETWORKS WITH IMMUNITY MECHANISM AND CODING TECHNIQUE

    We examine the performance of Disruption Tolerant Networks (DTNs) with an epidemic routing (ER) scheme with the coding technique and/or immunity mechanism under various network environments. We are interested in the scenarios of opportunistic dissemination of large files. First, we study how the different implementations of the ER scheme perform in diverse network settings. We compare the performance of ER with its summary vector implemented as both a list and as a Bloom filter. Second, we examine how network coding affects the performance of the ER scheme. To this end, we investigate the performance of encoding-based routing (EBR), a variant of the ER scheme which uses random linear coding at source nodes. EBR is expected to mitigate what is commonly known as the coupon collector's problem, which arises when a large file is chopped into small fragments and then the fragments are disseminated throughout the network. We compare this to the case where intermediate non-source nodes are allowed to create new linear combinations from the ones they already hold. Lastly, we evaluate the benefits of two different types of immunity mechanisms, one based on file ID and the other based on bundle ID, with not only the ER scheme but also two different EBR schemes in various network scenarios and settings. We also investigate the performance gain from compressing the immunity list. By presenting and analyzing extensive simulation results, we provide information that could provide a guideline for employing each of the aforementioned techniques in routing schemes of interest in various network settings.

    Application of Machine Learning Techniques to Delay Tolerant Network Routing

    This dissertation discusses several machine learning techniques to improve routing in delay tolerant networks (DTNs). These are networks in which there may be long one-way trip times, asymmetric links, high error rates, and deterministic as well as non-deterministic loss of contact between network nodes, such as interplanetary satellite networks, mobile ad hoc networks and wireless sensor networks. This work uses historical network statistics to train a multi-label classifier to predict reliable paths through the network. In addition, a clustering technique is used to predict future mobile node locations. Both of these techniques are used to reduce the consumption of resources such as network bandwidth, memory and data storage that is required by replication routing methods often used in opportunistic DTN environments. Thesis contributions include: an emulation tool chain developed to create a DTN test bed for machine learning, the network and software architecture for a machine learning based routing method, the development and implementation of classification and clustering techniques, and performance evaluation in terms of machine learning and routing metrics.

    Scaling Up Delay Tolerant Networking

    Delay Tolerant Networks (DTN) introduce a networking paradigm based on store, carry and forward. This makes DTN ideal for situations where nodes experience intermittent connectivity due to movement, less than ideal infrastructure, sparse networks or other challenging environmental conditions. Standardization efforts focused around the Bundle Protocol (BP) (RFC 5050) aim to provide a generic set of protocols and technologies to build DTNs. However, there are several challenges when trying to apply the BP to the Internet as a whole that are tackled in this thesis: There is no DTN routing mechanism that can work in Internet-scale networks. Similarly, available discovery mechanisms for opportunistic contacts do not scale to the Internet. This work presents a solution offering pull-based name resolution that is able to represent the flat unstructured BP namespace in a distributed data structure and leaves routing through the Internet to the underlying IP layer. A second challenge is the large amount of data stored by DTN nodes in large-scale applications. Reconciling two large sets of data during an opportunistic contact without any previous state in a space efficient manner is a non-trivial problem. This thesis will present a very robust solution that is almost as efficient as Bloom filters while being able to avoid false positives that would prevent full reconciliation of the sets. Lastly, when designing networks that are based on agents willing to carry information, incentives are an important factor. This thesis proposes a financially sustainable system to incentivize users to participate in a DTN with their private smartphones. A user study is conducted to get a lead on the main motivational factors that let people participate in a DTN.
The study gives some insight under what conditions relying on continuous motivation and cooperation from private users is a reasonable assumption when designing a DTN.

    Event-Based Software Architecture for Delay- and Disruption-Tolerant Networks (Ereignisbasierte Software-Architektur für Verzögerungs- und Unterbrechungstolerante Netze)

    Continuous end-to-end connectivity is not available all the time, not even in wired networks. Delay- and Disruption-Tolerant Networking (DTN) allows devices to communicate even if there is no continuous path to the destination by replacing the end-to-end semantics with a hop-by-hop store-carry-and-forward approach. Since existing implementations of DTN software suffer from various limitations, this work presents the event-driven software architecture of IBR-DTN, a lean, lightweight, and extensible implementation of a networking stack for Delay- and Disruption-Tolerant Networking. In a comprehensive description of the architecture and the underlying design decisions, this work focuses on eliminating weaknesses of the Bundle Protocol (RFC 5050). One of these is the dependency on synchronized clocks. Thus, this work takes a closer look at that requirement and presents approaches to bypass that dependency for some cases. For scenarios which require synchronized clocks, an approach is presented to distribute time information which is used to adjust the individual clock of nodes. To compare the accuracy of time information provided by each node, this approach introduces a clock rating. Additionally, a self-aligning algorithm is used to automatically adjust the node's clock rating parameters according to the estimated accuracy of the node's clock. In an evaluation, the general portability of the bundle node software is proven by porting it to various systems. Further, a performance analysis compares the new implementation with existing software. To perform an evaluation of the time-synchronization algorithm, the ONE simulator is modified to provide individual clocks with randomized clock errors for every node. Additionally, a specialized testbed, called Hydra, is being developed to test the implementation of the time-synchronization approach in real software.
Hydra instantiates virtualized nodes running a complete operating system and provides a way to test real software in large DTN scenarios. Both the simulation and the emulation in Hydra show that the algorithm for time-synchronization can provide an adequate accuracy depending on the inter-contact times.

    Mobility-based routing algorithm in delay tolerant networks
