193 research outputs found
Quality of Information in Mobile Crowdsensing: Survey and Research Challenges
Smartphones have become the most pervasive devices in people's lives, and are
clearly transforming the way we live and perceive technology. Today's
smartphones benefit from almost ubiquitous Internet connectivity and come
equipped with a plethora of inexpensive yet powerful embedded sensors, such as
accelerometer, gyroscope, microphone, and camera. This unique combination has
enabled revolutionary applications based on the mobile crowdsensing paradigm,
such as real-time road traffic monitoring, air and noise pollution, crime
control, and wildlife monitoring, just to name a few. Differently from prior
sensing paradigms, humans are now the primary actors of the sensing process,
since they become fundamental in retrieving reliable and up-to-date information
about the event being monitored. As humans may behave unreliably or
maliciously, assessing and guaranteeing Quality of Information (QoI) becomes
more important than ever. In this paper, we provide a new framework for
defining and enforcing the QoI in mobile crowdsensing, and analyze in depth the
current state-of-the-art on the topic. We also outline novel research
challenges, along with possible directions of future work.Comment: To appear in ACM Transactions on Sensor Networks (TOSN
Trustworthy Federated Learning: A Survey
Federated Learning (FL) has emerged as a significant advancement in the field
of Artificial Intelligence (AI), enabling collaborative model training across
distributed devices while maintaining data privacy. As the importance of FL
increases, addressing trustworthiness issues in its various aspects becomes
crucial. In this survey, we provide an extensive overview of the current state
of Trustworthy FL, exploring existing solutions and well-defined pillars
relevant to Trustworthy . Despite the growth in literature on trustworthy
centralized Machine Learning (ML)/Deep Learning (DL), further efforts are
necessary to identify trustworthiness pillars and evaluation metrics specific
to FL models, as well as to develop solutions for computing trustworthiness
levels. We propose a taxonomy that encompasses three main pillars:
Interpretability, Fairness, and Security & Privacy. Each pillar represents a
dimension of trust, further broken down into different notions. Our survey
covers trustworthiness challenges at every level in FL settings. We present a
comprehensive architecture of Trustworthy FL, addressing the fundamental
principles underlying the concept, and offer an in-depth analysis of trust
assessment mechanisms. In conclusion, we identify key research challenges
related to every aspect of Trustworthy FL and suggest future research
directions. This comprehensive survey serves as a valuable resource for
researchers and practitioners working on the development and implementation of
Trustworthy FL systems, contributing to a more secure and reliable AI
landscape.Comment: 45 Pages, 8 Figures, 9 Table
Security and privacy issues in some special-puropse networks
This thesis is about providing security and privacy to new emergent applications which are based on special-purpose networks. More precisely, we study different aspects regarding security and privacy issues related to sensor networks, mobile ad hoc networks, vehicular ad hoc networks and social networks.Sensor networks consist of resource-constrained wireless devices with sensor capabilities. This emerging technology has a wide variety of applications related to event surveillance like emergency response, habitat monitoring or defense-related networks.Ad hoc networks are suited for use in situations where deploying an infrastructure is not cost effective or is not possible for any other reason. When the nodes of an ad hoc network are small mobile devices (e.g. cell phones or PDAs), such a network is called mobile ad hoc network. One of many possible uses of MANETs is to provide crisis management services applications, such as in disaster recovery, where the entire communication infrastructure is destroyed and reestablishing communication quickly is crucial. Another useful situation for MANETs is a scenario without fixed communication systems where there is the need for any kind of collaborative computing. Such situation can occur in both business and military environments.When the mobile nodes of a MANET are embedded in cars, such a network is called Vehicular Ad hoc Network (VANET). This kind of networks can be very useful to increase the road traffic safety and they will be deployed for real use in the forthcoming years. As a proof of that, eight important European vehicle manufacturers have founded the CAR 2 CAR Communication Consortium. This non-profit organisation is dedicated to the objective of further increasing traffic safety and efficiency by means of inter-vehicle communications.Social networks differ from the special-purpose networks commented above in that they are not physical networks. Social networks are applications that work through classic networks. They can be defined as a community of web users where each user can publish and share information and services. Social networks have become an object of study both in computer and social sciences, with even dedicated journals and conferences.The special-purpose networks described above provide a wide range of new services and applications. Even though they are expected to improve the society in several ways, these innovative networks and their related applications bring also security and privacy issues that must be addressed.This thesis solves some security and privacy issues related to such new applications and services. More specifically, it focuses on:·Secure information transmission in many-to-one scenarios with resource-constrained devices such as sensor networks.·Secure and private information sharing in MANETs.·Secure and private information spread in VANETs.·Private resource access in social networks.Results presented in this thesis include four contributions published in ISI JCR journals (IEEE Transactions on Vehicular Technology, Computer Networks (2) and Computer Communications) and two contributions published in two international conferences (Lecture Notes in Computer Science).Esta tesis trata diversos problemas de seguridad y privacidad que surgen al implantar en escenarios reales novedosas aplicaciones basadas en nuevos y emergentes modelos de red. Estos nuevos modelos de red difieren significativamente de las redes de computadores clĂĄsicas y son catalogadas como redes de propĂłsito especial. EspecĂficamente, en este trabajo se estudian diferentes aspectos relacionados con la seguridad de la informaciĂłn y la privacidad de los usuarios en redes de sensores, redes ad hoc mĂłviles (MANETs), redes ad hoc vehiculares (VANETs) y redes sociales.Las redes de sensores estĂĄn formadas por dispositivos inalĂĄmbricos muy limitados a nivel de recursos (capacidad de computaciĂłn y baterĂa) que detectan eventos o condiciones del entorno donde se instalan. Esta tecnologĂa tiene una amplia variedad de aplicaciones entre las que destacan la detecciĂłn de emergencias o la creaciĂłn de perĂmetros de seguridad. Una MANET esta formada por nodos mĂłviles conectados entre ellos mediante conexiones inalĂĄmbricas y de forma auto-organizada. Este tipo de redes se constituye sin la ayuda de infraestructuras, por ello son especialmente Ăștiles en situaciones donde implantar una infraestructura es inviable por ser su coste demasiado elevado o por cualquier otra razĂłn. Una de las muchas aplicaciones de las MANETs es proporcionar servicio en situaciones crĂticas (por ejemplo desastres naturales) donde la infraestructura de comunicaciones ha sido destruida y proporcionar conectividad rĂĄpidamente es crucial. Otra aplicaciĂłn directa aparece en escenarios sin sistemas de comunicaciĂłn fijos donde existe la necesidad de realizar algĂșn tipo de computaciĂłn colaborativa entre diversas mĂĄquinas. Esta situaciĂłn se da tanto en ĂĄmbitos empresariales como militares.Cuando los nodos mĂłviles de una MANET se asocian a vehĂculos (coches, camiones.), dicha red se denomina red ad hoc vehicular o VANET. Este tipo de redes pueden ser muy Ăștiles para incrementar la seguridad vial y se espera su implantaciĂłn para uso real en los prĂłximos años. Como prueba de la gran importancia que tiene esta tecnologĂa, los ocho fabricantes europeos mĂĄs importantes han fundado la CAR 2 CAR Communication Consortium. Esta organizaciĂłn tiene como objetivo incrementar la seguridad y la eficiencia del trĂĄfico mediante el uso de comunicaciones entre los vehĂculos.Las redes sociales se diferencian de las redes especiales descritas anteriormente en que Ă©stas no son redes fĂsicas. Las redes sociales son aplicaciones que funcionan a travĂ©s de las redes de computadores clĂĄsicas. Una red de este tipo puede ser definida como una comunidad de usuarios web en donde dichos usuarios pueden publicar y compartir informaciĂłn y servicios. En la actualidad, las redes sociales han adquirido gran importancia ofreciendo un amplio abanico de posibilidades a sus usuarios: trabajar de forma colaborativa, compartir ficheros, bĂșsqueda de nuevos amigos, etc.A continuaciĂłn se resumen las aplicaciones en las que esta tesis se centra segĂșn el tipo de red asociada:·TransmisiĂłn segura de informaciĂłn en escenarios muchos-a-uno (mĂșltiples emisores y un solo receptor) donde los dispositivos en uso poseen recursos muy limitados. Este escenario es el habitual en redes de sensores.·DistribuciĂłn de informaciĂłn de forma segura y preservando la privacidad de los usuarios en redes ad hoc mĂłviles.·DifusiĂłn de informaciĂłn (con el objeto de incrementar la seguridad vial) fidedigna preservando la privacidad de los usuarios en redes ad hoc vehiculares.·Acceso a recursos en redes sociales preservando la privacidad de los usuarios. Los resultados de la tesis incluyen cuatro publicaciones en revistas ISI JCR (IEEE Transactions on Vehicular Technology, Computer Networks (2) y Computer Communications) y dos publicaciones en congresos internacionales(Lecture Notes in Computer Science)
Revised reference model
This document contains an update of the HIDENETS Reference Model, whose preliminary version was introduced in D1.1. The Reference Model contains the overall approach to development and assessment of end-to-end resilience solutions. As such, it presents a framework, which due to its abstraction level is not only restricted to the HIDENETS car-to-car and car-to-infrastructure applications and use-cases. Starting from a condensed summary of the used dependability terminology, the network architecture containing the ad hoc and infrastructure domain and the definition of the main networking elements together with the software architecture of the mobile nodes is presented. The concept of architectural hybridization and its inclusion in HIDENETS-like dependability solutions is described subsequently. A set of communication and middleware level services following the architecture hybridization concept and motivated by the dependability and resilience challenges raised by HIDENETS-like scenarios is then described. Besides architecture solutions, the reference model addresses the assessment of dependability solutions in HIDENETS-like scenarios using quantitative evaluations, realized by a combination of top-down and bottom-up modelling, as well as verification via test scenarios. In order to allow for fault prevention in the software development phase of HIDENETS-like applications, generic UML-based modelling approaches with focus on dependability related aspects are described. The HIDENETS reference model provides the framework in which the detailed solution in the HIDENETS project are being developed, while at the same time facilitating the same task for non-vehicular scenarios and application
Sécurité dans les réseaux mobiles de nouvelle génération
RĂSUMĂ
Les rĂ©seaux de nouvelle gĂ©nĂ©ration visent Ă converger les rĂ©seaux fixes et mobiles hĂ©tĂ©rogĂšnes afin dâoffrir tous les services Ă travers un rĂ©seau coeur tout IP. Faisant parti du
rĂ©seau dâaccĂšs mobile, un des principaux objectifs du rĂ©seau 4G est de permettre une relĂšve ininterrompue entre les rĂ©seaux cellulaires et WIFI pour ainsi favoriser lâapprivoisement de services vidĂ©o mobiles exigeant des critĂšres de qualitĂ© de service trĂšs stricts Ă moindres coĂ»ts.
Cependant, lâuniformisation du trafic au niveau de la couche rĂ©seau favorise sa centralisation Ă travers un rĂ©seau coeur IP partagĂ© par tous les opĂ©rateurs, la rendant ainsi comme une cible vulnĂ©rable de choix pour les pirates informatiques. La conception de solutions sĂ©curitaires
dans un environnement oĂč les entitĂ©s ne se connaissent pas Ă priori sâannonce comme une tĂąche trĂšs ardue. La thĂšse se penche sur quatre problĂ©matiques importantes dans les rĂ©seaux de nouvelle gĂ©nĂ©ration dont chacune est traitĂ©e dans un article distinct. Les deux premiers articles touchent Ă la sĂ©curitĂ© dans un contexte dĂ©centralisĂ©, Ă savoir les rĂ©seaux mobiles ad hoc (MANETs), alors que les deux derniers proposent des mĂ©canismes innovateurs pour sĂ©curiser des solutions visant Ă rĂ©duire la consommation de bande passante et dâĂ©nergie, en conformitĂ© avec le virage
vert informatique promu par les opĂ©rateurs rĂ©seautiques. Plus prĂ©cisĂ©ment, le troisiĂšme article traite de la sĂ©curisation des flots multicast dans un environnement Ă haut taux de perte de paquet et le dernier propose une solution dâoptimisation de route sĂ©curitaire pour mobile
IPv6 (MIPv6) utilisant une version amĂ©liorĂ©e de lâalgorithme de genĂ©ration dâadresses cryptographiques
(CGA) et les extensions de sécurité du systÚme de nom de domaine (DNSSEC).
Les systĂšmes de dĂ©tection dâintrusion (IDS) pour les MANETs basĂ©s sur la rĂ©putation des noeuds classifient les participants du rĂ©seau selon leur degrĂ© de confiance. Cependant, ils partagent tous une vulnĂ©rabilitĂ© commune : lâimpossibilitĂ© de dĂ©tecter et de rĂ©agir aux attaques complices. Le premier article propose un IDS qui intĂšgre efficacement le risque de collusion entre deux ou plusieurs noeuds malveillants dans le calcul de la fiabilitĂ© dâun
chemin. Lâalgorithme proposÂŽe ne se limite pas quâau nombre et Ă la rĂ©putation des noeuds intermĂ©diaires formant un chemin, mais intĂšgre Ă©galement dâautres informations pertinentes sur les voisins des noeuds intermĂ©diaires dâun chemin pouvant superviser le message original et celui retransmis. Le IDS proposĂ© dĂ©tecte efficacement les noeuds malicieux et complices dans le but de les isoler rapidement du rĂ©seau. Les simulations lancĂ©es dans divers environnements MANETs contenant une proportion variable dâattaquants complices montrent bien lâefficacitĂ© du IDS proposĂ©e en offrant un gain en dĂ©bit considĂ©rable comparativement aux solutions existantes.
Ă lâinstar de prĂ©venir les comportements Ă©goĂŻstes des noeuds par la menace dâĂȘtre privĂ©s de certaines fonctions, voire mĂȘme isolĂ©s du rĂ©seau, due Ă une baisse de rĂ©putation, le second article opte pour un incitatif non-punitif en la monnaie virtuelle plus communĂ©ment appelĂ©e
nuglets. Plus prĂ©cisĂ©ment, lâarticle prĂ©sente un cadre de travail issu de la thĂ©orie des jeux basĂ© sur la compĂ©tition de Bertrand pour inciter les noeuds intermĂ©diaires Ă retransmettre les messages selon les requis de QoS demandĂ©s par la source. Pour quâun noeud source envoie ou accĂšde Ă un flot sensible Ă la QoS comme par exemple les applications en temps rĂ©el, il dĂ©bute par envoyer un contrat qui spĂ©cifie les critĂšres de QoS, sa durĂ©e et son prix de rĂ©serve. Sur rĂ©ception du contrat, les noeuds intermĂ©diaires formant une route entre la source et la destination partagent les informations sur eux-mĂȘmes et celles recueillies sur les noeuds voisins, anciens et courants pour estimer la probabilitĂ© de bris de contrat ainsi que le nombre de compĂ©titeurs actifs. Ces deux paramĂštres sont cruciaux dans le processus de fixation des
prix. Une fois les rĂ©ponses de route recueillies, la source choisit la route la moins chĂšre. Le cadre de travail multijoueur proposĂ©, basĂ© sur la compĂ©tition de Bertrand avec des firmes asymĂ©triques et ayant accĂšs Ă de lâinformation imparfaite, possĂšde un Ă©quilibre de Nash en
stratĂ©gies mixtes dans lequel le profit des firmes est positif et baisse non seulement avec le nombre de compĂ©titeurs, mais aussi avec lâimpression dâune prĂ©cision accrue que les compĂ©titeurs ont sur le coĂ»t de production du joueur. Les rĂ©sultats montrent que lâincertitude sur
les coĂ»ts augmente le taux de la marge brute et la fluctuation des prix tout en diminuant les chances dâhonorer le contrat.
Dans un autre ordre dâidĂ©e, lâintĂ©rĂȘt sans cesse grandissant des opĂ©rateurs Ă converger les rĂ©seaux fixes et mobiles dans le but dâoffrir une relĂšve sans interruption favorise lâutilisation des applications vidĂ©o mobiles qui surchargeront rapidement leurs rĂ©seaux. Dans un contexte
du virage vert qui prend de plus en plus dâampleur dans le domaine des tĂ©lĂ©communications, la transmission des flots en multidiffusion (multicast) devient essentiel dans le but de rĂ©duire la consommation de bande passante et la congestion du rĂ©seau en rejoignant simultanĂ©ment plusieurs destinataires. La sĂ©curisation des flots en multidiffusion a Ă©tĂ© largement Ă©tudiĂ©e dans la littĂ©rature antĂ©rieure, cependant aucune des solutions proposĂ©es ne tient compte des
contraintes imposĂ©es par les liaisons sans fil et la mobilitĂ© des noeuds, en particulier le haut taux de perte de paquets. La nĂ©cessitĂ© dâun mĂ©canisme de distribution de clĂ©s rĂ©gĂ©nĂ©ratrices efficace et pouvant supporter un grand bassin dâabonnĂ©s pour les rĂ©seaux mobiles nâaura jamais Ă©tĂ© aussi urgent avec lâarrivĂ©e de la convergence fixe-mobile dans les rĂ©seaux 4G.
Le troisiÚme article présente deux algorithmes de clés régénératrices basés sur les chaßnes de hachage bidirectionnelles pour le protocole de distribution de clés logical key hierarchy (LKH).
Ainsi, un membre ayant perdu jusquâĂ un certain nombre de clĂ©s de dĂ©chiffrement consĂ©cutives pourrait lui-mĂȘme les rĂ©gĂ©nĂ©rer sans faire la requĂȘte de retransmission au serveur de clĂ©s.
Les simulations effectuĂ©es montrent que les algorithmes proposĂ©s offrent des amĂ©liorations considĂ©rables dans un environnement de rĂ©seau mobile Ă taux de perte de paquet, notamment dans le percentage de messages dĂ©chiffrĂ©s. Le souci dâefficacitĂ© Ă©nergĂ©tique est Ă©galement prĂ©sent pour les opĂ©rateurs de rĂ©seaux cellulaires. Dâailleurs, prĂšs de la moitiĂ© des abonnements sur Internet proviennent prĂ©sentement dâunitĂ©s mobiles et il est attendu que ce groupe dâutilisateurs deviennent le plus grand bassin
dâusagers sur Internet dans la prochaine dĂ©cennie. Pour supporter cette croissance rapide du nombre dâutilisateurs mobiles, le choix le plus naturel pour les opĂ©rateurs serait de remplacer mobile IPv4 par MIPv6. Or, la fonction dâoptimisation de route (RO), qui remplace le routage
triangulaire inefficace de MIP en permettant au noeud mobile (MN) une communication bidirectionnelle avec le noeud correspondant (CN) sans faire passer les messages Ă travers lâagent du rĂ©seau mĂšre (HA), est dĂ©ficiente au niveau de la sĂ©curitĂ©. Lâabsence dâinformations prĂ©-partagĂ©es entre le MN et le CN rend la sĂ©curisation du RO un dĂ©fi de taille. MIPv6 adopte la routabilitĂ© de retour (RR) qui est davantage un mĂ©canisme qui vĂ©rifie lâaccessibilitĂ© du MN sur son adresse du rĂ©seau mĂšre (HoA) et du rĂ©seau visitĂ© (CoA) plutĂŽt quâune fonction de
sĂ©curitĂ©. Dâautres travaux se sont attaquĂ©s aux nombreuses failles de sĂ©curitĂ© du RR, mais soit leur conception est fautive, soit leurs suppositions sont irrĂ©alistes. Le quatriĂšme article prĂ©sente une version amĂ©liorĂ©e de lâalgorithme de gĂ©nĂ©ration cryptographique dâadresse (ECGA)
pour MIPv6 qui intĂšgre une chaĂźne de hachage arriĂšre et offre de lier plusieurs adresses CGA ensemble. ECGA Ă©limine les attaques de compromis temps-mĂ©moire tout en Ă©tant efficace. Ce mĂ©canisme de gĂ©nĂ©ration dâadresse fait parti du protocole Secure MIPv6 (SMIPv6) proposĂ© avec un RO sĂ©curitaire et efficace grĂące Ă DNSSEC pour valider les CGAs qui proviennent dâun domaine de confiance et qui permet une authentification forte plutĂŽt que lâinvariance de
source. Le vĂ©rificateur de protocoles cryptographiques dans le modĂšle formel AVISPA a Ă©tĂ© utilisĂ© pour montrer quâaucune faille de sĂ©curitĂ© nâest prĂ©sente tout en limitant au maximum les messages Ă©changĂ©s dans le rĂ©seau dâaccĂšs. ----------ABSTRACT
Next generation networks aim at offering all available services through an IP-core network by converging fixed-mobile heterogeneous networks. As part of the mobile access network, one of the main objectives of the 4G network is to provide seamless roaming with wireless local area networks and accommodating quality of service (QoS) specifications for digital video broadcasting systems. Such innovation aims expanding video-based digital services while reducing costs by normalizing the network layer through an all-IP architecture such as Internet. However, centralizing all traffic makes the shared core network a vulnerable target
for attackers. Design security solutions in such an environment where entities a priori do not know each other represent a daunting task.
This thesis tackles four important security issues in next generation networks each in distinct papers. The first two deal with security in decentralized mobile ad hoc networks
(MANETs) while the last two focus on securing solutions aiming at reducing bandwidth and energy consumption, in line with the green shift promoted by network operators. More precisely, the third paper is about protecting multicast flows in a packet-loss environment and the last one proposes a secure route optimization function in mobile IPv6 (MIPv6) using an enhanced version of cryptographically generated address (CGA) and domain name service security extensions (DNSSEC).
Most intrusion detection systems (IDS) for MANETs are based on reputation system which classifies nodes according to their degree of trust. However, existing IDS all share the
same major weakness: the failure to detect and react on colluding attacks. The first paper proposes an IDS that integrates the colluding risk factor into the computation of the path reliability which considers the number and the reputation of nodes that can compare both the source message and the retransmitted one. Also, the extended architecture effectively detects malicious and colluding nodes in order to isolate them and protect the network. The
simulations launched in various MANETs containing various proportions of malicious and colluding nodes show that the proposed solution offers a considerable throughput gain compared to current solutions. By effectively selecting the most reliable route and by promptly detecting colluding attacks, the number of lost messages is decreased, and therefore, offering more efficient transmissions.
Instead of thwarting selfishness in MANETs by threatening nodes to limit their network functions, the second paper opts for a non-punishment incentive by compensating nodes for their service through the use of virtual money, more commonly known as nuglets. The last paper presents a game-theoretic framework based on Bertrand competition to incite relaying nodes in forwarding messages according to QoS requirements. For a source to send or access
QoS-sensitive flows, such as real-time applications, it starts by sending a contract specifying the QoS requirements, its duration and a reservation price. Upon receiving a contract submission, intermediary nodes forming a route between the source and the destination share their current and past collected information on themselves and on surrounding nodes to estimate the probability of breaching the contract and the number of active competitors. Both
parameters are crucial in setting a price. Once the source gets the responses from various routes, it selects the most cheapest one. This multiplayer winner-takes-all framework based on Bertrand competition with firms having asymmetric costs and access imperfect information has a mixed-strategy equilibrium in which industry profits are positive and decline not only with the number of firms having an estimated cost below the reservation price but also with the perception of a greater accuracy on a playerâs cost that competitors have. In fact,results show that cost uncertainty increases firmsâ gross margin rate and the prices fluctuation while making the contract honoring much riskier.
On another topic, with the growing interest in converging fixed and mobile networks, mobile applications will require more and more resources from both the network and the
mobile device. In a social-motivated context of shifting into green technologies, using multicast transmissions is essential because it lowers bandwidth consumption by simultaneously reaching a group of multiple recipients. Securing multicast flows has been extensively studied
in the past, but none of the existing solutions were meant to handle the constraints imposed by mobile scenarios, in particular the high packet-loss rate. The need for a low overhead selfhealing rekeying mechanism that is scalable, reliable and suitable for mobile environments has never been more urgent than with the arrival of fixed-mobile convergence in 4G networks.
The second paper presents two self-healing recovery schemes based on the dual directional hash chains for the logical key hierarchy rekeying protocol. This enables a member that has missed up to m consecutive key updates to recover the missing decryption keys without asking the group controller key server for retransmission. Conducted simulations show considerable improvements in the ratio of decrypted messages and in the rekey message overhead in high packet loss environments. The concern of energy efficiency is also present for mobile access network operators. In fact, nearly half of all Internet subscribers come from mobile units at the moment and it is expected to be the largest pool of Internet users by the next decade. The most obvious
choice for mobile operators to support more users would be to replace Mobile IP for IPv4 with MIPv6. However, the Route Optimization (RO) function, which replaces the inefficient triangle routing by allowing a bidirectional communication between a mobile node (MN) and the corresponding node (CN) without passing through its home agent (HA), is not secure and has a high overhead. The lack of pre-shared information between the MN and the CN makes
security in RO a difficult challenge. MIPv6 adopts the return routability (RR) mechanism which is more to verify the MN reachability in both its home address (HoA) and care-of address (CoA) than a security feature. Other works attempted to solve the multiple security issues in RR but either their design are flawed, or rely on unrealistic assumptions. The third paper presents an enhanced cryptographically generated address (ECGA) for MIPv6 that
integrates a built-in backward key chain and offers support to bind multiple logically-linked CGAs together. ECGA tackles the time-memory tradeoff attacks while being very efficient. It is part of the proposed secure MIPv6 (SMIPv6) with secure and efficient RO which uses DNSSEC to validate CGAs from trusted domains and provide strong authentication rather than sender invariance. The AVISPA on-the-fly model checker (OFMC) tool has been used to show that the proposed solution has no security flaws while still being lightweight in signalling messages in the radio network
Mobile Ad Hoc Networks
Guiding readers through the basics of these rapidly emerging networks to more advanced concepts and future expectations, Mobile Ad hoc Networks: Current Status and Future Trends identifies and examines the most pressing research issues in Mobile Ad hoc Networks (MANETs). Containing the contributions of leading researchers, industry professionals, and academics, this forward-looking reference provides an authoritative perspective of the state of the art in MANETs. The book includes surveys of recent publications that investigate key areas of interest such as limited resources and the mobility of mobile nodes. It considers routing, multicast, energy, security, channel assignment, and ensuring quality of service. Also suitable as a text for graduate students, the book is organized into three sections: Fundamentals of MANET Modeling and SimulationâDescribes how MANETs operate and perform through simulations and models Communication Protocols of MANETsâPresents cutting-edge research on key issues, including MAC layer issues and routing in high mobility Future Networks Inspired By MANETsâTackles open research issues and emerging trends Illustrating the role MANETs are likely to play in future networks, this book supplies the foundation and insight you will need to make your own contributions to the field. It includes coverage of routing protocols, modeling and simulations tools, intelligent optimization techniques to multicriteria routing, security issues in FHAMIPv6, connecting moving smart objects to the Internet, underwater sensor networks, wireless mesh network architecture and protocols, adaptive routing provision using Bayesian inference, and adaptive flow control in transport layer using genetic algorithms
Secure Incentives to Cooperate for Wireless Networks
The operating principle of certain wireless networks makes essential the cooperation between the mobile nodes. However, if each node is an autonomous selfish entity, cooperation is not guaranteed and therefore we need to use incentive techniques. In this thesis, we study cooperation in three different types of networks: WiFi networks, Wireless Mesh Networks (WMNs), and Hybrid Ad-hoc networks. Cooperation has a different goal for each of these networks, we thus propose incentive mechanisms adapted to each case. In the first chapter of this thesis, we consider WiFi networks whose wide-scale adoption is impeded by two major hurdles: the lack of a seamless roaming scheme and the variable QoS experienced by the users. We devise a reputation-based solution that (i) allows a mobile node to connect to a foreign Wireless ISP in a secure way while preserving his anonymity and (ii) encourages the WISPs to cooperate, i.e., to provide the mobile clients with a good QoS. Cooperation appears here twofold: First, the mobile clients have to collaborate in order to build and maintain the reputation system and second, the use of this reputation system encourages the WISPs to cooperate. We show, by means of simulations, that our reputation model indeed encourages the WISPs to behave correctly and we analyze the robustness of our solution against various attacks. In the second chapter of the thesis, we consider Wireless Mesh Networks (WMNs), a new and promising paradigm that uses multi-hop communications to extend WiFi networks. Indeed, by connecting only one hot spot to the Internet and by deploying several Transit Access Points (TAPs), a WISP can extend its coverage and serve a large number of clients at a very low cost. We analyze the characteristics of WMNs and deduce three fundamental network operations that need to be secured: (i) the routing protocol, (ii) the detection of corrupt TAPs and (iii) the enforcement of a proper fairness metric in WMNs. We focus on the fairness problem and propose FAME, an adaptive max-min fair resource allocation mechanism for WMNs. FAME provides a fair, collision-free capacity use of the WMN and automatically adjusts to the traffic demand fluctuations of the mobile clients. We develop the foundations of the mechanism and demonstrate its efficiency by means of simulations. We also experimentally assess the utility of our solution when TAPs are equipped with directional antennas and distinct sending and receiving interfaces in the Magnets testbed deployed in Berlin. In the third and last chapter of this thesis, we consider Hybrid Ad-hoc networks, i.e., infrastructured networks that are extended using multi-hop communications. We propose a secure set of protocols to encourage the most fundamental operation in these networks, namely packet forwarding. This solution is based on a charging and rewarding system. We use "MAC layering" to reduce the space overhead in the packets and a stream cipher encryption mechanism to provide "implicit authentication" of the nodes involved in the communication. We analyze the robustness of our protocols against rational and malicious attacks. We show that the use of our solution makes cooperation rational for selfish nodes. We also show that our protocols thwart rational attacks and detect malicious attacks
Two-tier Intrusion Detection System for Mobile Ad Hoc Networks
Nowadays, a commonly used wireless network (i.e. Wi-Fi) operates with the aid of a fixed
infrastructure (i.e. an access point) to facilitate communication between nodes when they
roam from one location to another. The need for such a fixed supporting infrastructure
limits the adaptability of the wireless network, especially in situations where the
deployment of such an infrastructure is impractical. In addition, Wi-Fi limits nodes'
communication as it only provides facility for mobile nodes to send and receive
information, but not reroute the information across the network. Recent advancements in
computer network introduced a new wireless network, known as a Mobile Ad Hoc
Network (MANET), to overcome these limitations.
MANET has a set of unique characteristics that make it different from other kind of
wireless networks. Often referred as a peer to peer network, such a network does not have
any fixed topology, thus nodes are free to roam anywhere, and could join or leave the
network anytime they desire. Its ability to be setup without the need of any infrastructure is
very useful, especially in geographically constrained environments such as in a military
battlefield or a disaster relief operation. In addition, through its multi hop routing facility,
each node could function as a router, thus communication between nodes could be made
available without the need of a supporting fixed router or an access point. However, these
handy facilities come with big challenges, especially in dealing with the security issues.
This research aims to address MANET security issues by proposing a novel intrusion
detection system that could be used to complement existing prevention mechanisms that
have been proposed to secure such a network.
A comprehensive analysis of attacks and the existing security measures proved that there is
a need for an Intrusion Detection System (IDS) to protect MANETs against security threats.
The analysis also suggested that the existing IDS proposed for MANET are not immune
against a colluding blackmail attack due to the nature of such a network that comprises
autonomous and anonymous nodes. The IDS architecture as proposed in this study utilises
trust relationships between nodes to overcome this nodes' anonymity issue. Through a
friendship mechanism, the problems of false accusations and false alarms caused by
blackmail attackers in global detection and response mechanisms could be eliminated.
The applicability of the friendship concept as well as other proposed mechanisms to solve
MANET IDS related issues have been validated through a set of simulation experiments.
Several MANET settings, which differ from each other based on the network's density
level, the number of initial trusted friends owned by each node, and the duration of the
simulation times, have been used to study the effects of such factors towards the overall
performance of the proposed IDS framework. The results obtained from the experiments
proved that the proposed concepts are capable to at least minimise i f not fully eliminate the
problem currently faced in MANET IDS
- âŠ