Quality of Information in Mobile Crowdsensing: Survey and Research Challenges

Smartphones have become the most pervasive devices in people's lives, and are clearly transforming the way we live and perceive technology. Today's smartphones benefit from almost ubiquitous Internet connectivity and come equipped with a plethora of inexpensive yet powerful embedded sensors, such as accelerometer, gyroscope, microphone, and camera. This unique combination has enabled revolutionary applications based on the mobile crowdsensing paradigm, such as real-time road traffic monitoring, air and noise pollution, crime control, and wildlife monitoring, just to name a few. Differently from prior sensing paradigms, humans are now the primary actors of the sensing process, since they become fundamental in retrieving reliable and up-to-date information about the event being monitored. As humans may behave unreliably or maliciously, assessing and guaranteeing Quality of Information (QoI) becomes more important than ever. In this paper, we provide a new framework for defining and enforcing the QoI in mobile crowdsensing, and analyze in depth the current state-of-the-art on the topic. We also outline novel research challenges, along with possible directions of future work.Comment: To appear in ACM Transactions on Sensor Networks (TOSN

Trustworthy Federated Learning: A Survey

Federated Learning (FL) has emerged as a significant advancement in the field of Artificial Intelligence (AI), enabling collaborative model training across distributed devices while maintaining data privacy. As the importance of FL increases, addressing trustworthiness issues in its various aspects becomes crucial. In this survey, we provide an extensive overview of the current state of Trustworthy FL, exploring existing solutions and well-defined pillars relevant to Trustworthy . Despite the growth in literature on trustworthy centralized Machine Learning (ML)/Deep Learning (DL), further efforts are necessary to identify trustworthiness pillars and evaluation metrics specific to FL models, as well as to develop solutions for computing trustworthiness levels. We propose a taxonomy that encompasses three main pillars: Interpretability, Fairness, and Security & Privacy. Each pillar represents a dimension of trust, further broken down into different notions. Our survey covers trustworthiness challenges at every level in FL settings. We present a comprehensive architecture of Trustworthy FL, addressing the fundamental principles underlying the concept, and offer an in-depth analysis of trust assessment mechanisms. In conclusion, we identify key research challenges related to every aspect of Trustworthy FL and suggest future research directions. This comprehensive survey serves as a valuable resource for researchers and practitioners working on the development and implementation of Trustworthy FL systems, contributing to a more secure and reliable AI landscape.Comment: 45 Pages, 8 Figures, 9 Table

Security and privacy issues in some special-puropse networks

This thesis is about providing security and privacy to new emergent applications which are based on special-purpose networks. More precisely, we study different aspects regarding security and privacy issues related to sensor networks, mobile ad hoc networks, vehicular ad hoc networks and social networks.Sensor networks consist of resource-constrained wireless devices with sensor capabilities. This emerging technology has a wide variety of applications related to event surveillance like emergency response, habitat monitoring or defense-related networks.Ad hoc networks are suited for use in situations where deploying an infrastructure is not cost effective or is not possible for any other reason. When the nodes of an ad hoc network are small mobile devices (e.g. cell phones or PDAs), such a network is called mobile ad hoc network. One of many possible uses of MANETs is to provide crisis management services applications, such as in disaster recovery, where the entire communication infrastructure is destroyed and reestablishing communication quickly is crucial. Another useful situation for MANETs is a scenario without fixed communication systems where there is the need for any kind of collaborative computing. Such situation can occur in both business and military environments.When the mobile nodes of a MANET are embedded in cars, such a network is called Vehicular Ad hoc Network (VANET). This kind of networks can be very useful to increase the road traffic safety and they will be deployed for real use in the forthcoming years. As a proof of that, eight important European vehicle manufacturers have founded the CAR 2 CAR Communication Consortium. This non-profit organisation is dedicated to the objective of further increasing traffic safety and efficiency by means of inter-vehicle communications.Social networks differ from the special-purpose networks commented above in that they are not physical networks. Social networks are applications that work through classic networks. They can be defined as a community of web users where each user can publish and share information and services. Social networks have become an object of study both in computer and social sciences, with even dedicated journals and conferences.The special-purpose networks described above provide a wide range of new services and applications. Even though they are expected to improve the society in several ways, these innovative networks and their related applications bring also security and privacy issues that must be addressed.This thesis solves some security and privacy issues related to such new applications and services. More specifically, it focuses on:·Secure information transmission in many-to-one scenarios with resource-constrained devices such as sensor networks.·Secure and private information sharing in MANETs.·Secure and private information spread in VANETs.·Private resource access in social networks.Results presented in this thesis include four contributions published in ISI JCR journals (IEEE Transactions on Vehicular Technology, Computer Networks (2) and Computer Communications) and two contributions published in two international conferences (Lecture Notes in Computer Science).Esta tesis trata diversos problemas de seguridad y privacidad que surgen al implantar en escenarios reales novedosas aplicaciones basadas en nuevos y emergentes modelos de red. Estos nuevos modelos de red difieren significativamente de las redes de computadores clásicas y son catalogadas como redes de propósito especial. Específicamente, en este trabajo se estudian diferentes aspectos relacionados con la seguridad de la información y la privacidad de los usuarios en redes de sensores, redes ad hoc móviles (MANETs), redes ad hoc vehiculares (VANETs) y redes sociales.Las redes de sensores están formadas por dispositivos inalámbricos muy limitados a nivel de recursos (capacidad de computación y batería) que detectan eventos o condiciones del entorno donde se instalan. Esta tecnología tiene una amplia variedad de aplicaciones entre las que destacan la detección de emergencias o la creación de perímetros de seguridad. Una MANET esta formada por nodos móviles conectados entre ellos mediante conexiones inalámbricas y de forma auto-organizada. Este tipo de redes se constituye sin la ayuda de infraestructuras, por ello son especialmente útiles en situaciones donde implantar una infraestructura es inviable por ser su coste demasiado elevado o por cualquier otra razón. Una de las muchas aplicaciones de las MANETs es proporcionar servicio en situaciones críticas (por ejemplo desastres naturales) donde la infraestructura de comunicaciones ha sido destruida y proporcionar conectividad rápidamente es crucial. Otra aplicación directa aparece en escenarios sin sistemas de comunicación fijos donde existe la necesidad de realizar algún tipo de computación colaborativa entre diversas máquinas. Esta situación se da tanto en ámbitos empresariales como militares.Cuando los nodos móviles de una MANET se asocian a vehículos (coches, camiones.), dicha red se denomina red ad hoc vehicular o VANET. Este tipo de redes pueden ser muy útiles para incrementar la seguridad vial y se espera su implantación para uso real en los próximos años. Como prueba de la gran importancia que tiene esta tecnología, los ocho fabricantes europeos más importantes han fundado la CAR 2 CAR Communication Consortium. Esta organización tiene como objetivo incrementar la seguridad y la eficiencia del tráfico mediante el uso de comunicaciones entre los vehículos.Las redes sociales se diferencian de las redes especiales descritas anteriormente en que éstas no son redes físicas. Las redes sociales son aplicaciones que funcionan a través de las redes de computadores clásicas. Una red de este tipo puede ser definida como una comunidad de usuarios web en donde dichos usuarios pueden publicar y compartir información y servicios. En la actualidad, las redes sociales han adquirido gran importancia ofreciendo un amplio abanico de posibilidades a sus usuarios: trabajar de forma colaborativa, compartir ficheros, búsqueda de nuevos amigos, etc.A continuación se resumen las aplicaciones en las que esta tesis se centra según el tipo de red asociada:·Transmisión segura de información en escenarios muchos-a-uno (múltiples emisores y un solo receptor) donde los dispositivos en uso poseen recursos muy limitados. Este escenario es el habitual en redes de sensores.·Distribución de información de forma segura y preservando la privacidad de los usuarios en redes ad hoc móviles.·Difusión de información (con el objeto de incrementar la seguridad vial) fidedigna preservando la privacidad de los usuarios en redes ad hoc vehiculares.·Acceso a recursos en redes sociales preservando la privacidad de los usuarios. Los resultados de la tesis incluyen cuatro publicaciones en revistas ISI JCR (IEEE Transactions on Vehicular Technology, Computer Networks (2) y Computer Communications) y dos publicaciones en congresos internacionales(Lecture Notes in Computer Science)

Revised reference model

This document contains an update of the HIDENETS Reference Model, whose preliminary version was introduced in D1.1. The Reference Model contains the overall approach to development and assessment of end-to-end resilience solutions. As such, it presents a framework, which due to its abstraction level is not only restricted to the HIDENETS car-to-car and car-to-infrastructure applications and use-cases. Starting from a condensed summary of the used dependability terminology, the network architecture containing the ad hoc and infrastructure domain and the definition of the main networking elements together with the software architecture of the mobile nodes is presented. The concept of architectural hybridization and its inclusion in HIDENETS-like dependability solutions is described subsequently. A set of communication and middleware level services following the architecture hybridization concept and motivated by the dependability and resilience challenges raised by HIDENETS-like scenarios is then described. Besides architecture solutions, the reference model addresses the assessment of dependability solutions in HIDENETS-like scenarios using quantitative evaluations, realized by a combination of top-down and bottom-up modelling, as well as verification via test scenarios. In order to allow for fault prevention in the software development phase of HIDENETS-like applications, generic UML-based modelling approaches with focus on dependability related aspects are described. The HIDENETS reference model provides the framework in which the detailed solution in the HIDENETS project are being developed, while at the same time facilitating the same task for non-vehicular scenarios and application

Sécurité dans les réseaux mobiles de nouvelle génération

RÉSUMÉ Les réseaux de nouvelle génération visent à converger les réseaux fixes et mobiles hétérogènes afin d’offrir tous les services à travers un réseau coeur tout IP. Faisant parti du réseau d’accès mobile, un des principaux objectifs du réseau 4G est de permettre une relève ininterrompue entre les réseaux cellulaires et WIFI pour ainsi favoriser l’apprivoisement de services vidéo mobiles exigeant des critères de qualité de service très stricts à moindres coûts. Cependant, l’uniformisation du trafic au niveau de la couche réseau favorise sa centralisation à travers un réseau coeur IP partagé par tous les opérateurs, la rendant ainsi comme une cible vulnérable de choix pour les pirates informatiques. La conception de solutions sécuritaires dans un environnement où les entités ne se connaissent pas à priori s’annonce comme une tâche très ardue. La thèse se penche sur quatre problématiques importantes dans les réseaux de nouvelle génération dont chacune est traitée dans un article distinct. Les deux premiers articles touchent à la sécurité dans un contexte décentralisé, à savoir les réseaux mobiles ad hoc (MANETs), alors que les deux derniers proposent des mécanismes innovateurs pour sécuriser des solutions visant à réduire la consommation de bande passante et d’énergie, en conformité avec le virage vert informatique promu par les opérateurs réseautiques. Plus précisément, le troisième article traite de la sécurisation des flots multicast dans un environnement à haut taux de perte de paquet et le dernier propose une solution d’optimisation de route sécuritaire pour mobile IPv6 (MIPv6) utilisant une version améliorée de l’algorithme de genération d’adresses cryptographiques (CGA) et les extensions de sécurité du système de nom de domaine (DNSSEC). Les systèmes de détection d’intrusion (IDS) pour les MANETs basés sur la réputation des noeuds classifient les participants du réseau selon leur degré de confiance. Cependant, ils partagent tous une vulnérabilité commune : l’impossibilité de détecter et de réagir aux attaques complices. Le premier article propose un IDS qui intègre efficacement le risque de collusion entre deux ou plusieurs noeuds malveillants dans le calcul de la fiabilité d’un chemin. L’algorithme propos´e ne se limite pas qu’au nombre et à la réputation des noeuds intermédiaires formant un chemin, mais intègre également d’autres informations pertinentes sur les voisins des noeuds intermédiaires d’un chemin pouvant superviser le message original et celui retransmis. Le IDS proposé détecte efficacement les noeuds malicieux et complices dans le but de les isoler rapidement du réseau. Les simulations lancées dans divers environnements MANETs contenant une proportion variable d’attaquants complices montrent bien l’efficacité du IDS proposée en offrant un gain en débit considérable comparativement aux solutions existantes. À l’instar de prévenir les comportements égoïstes des noeuds par la menace d’être privés de certaines fonctions, voire même isolés du réseau, due à une baisse de réputation, le second article opte pour un incitatif non-punitif en la monnaie virtuelle plus communément appelée nuglets. Plus précisément, l’article présente un cadre de travail issu de la théorie des jeux basé sur la compétition de Bertrand pour inciter les noeuds intermédiaires à retransmettre les messages selon les requis de QoS demandés par la source. Pour qu’un noeud source envoie ou accède à un flot sensible à la QoS comme par exemple les applications en temps réel, il débute par envoyer un contrat qui spécifie les critères de QoS, sa durée et son prix de réserve. Sur réception du contrat, les noeuds intermédiaires formant une route entre la source et la destination partagent les informations sur eux-mêmes et celles recueillies sur les noeuds voisins, anciens et courants pour estimer la probabilité de bris de contrat ainsi que le nombre de compétiteurs actifs. Ces deux paramètres sont cruciaux dans le processus de fixation des prix. Une fois les réponses de route recueillies, la source choisit la route la moins chère. Le cadre de travail multijoueur proposé, basé sur la compétition de Bertrand avec des firmes asymétriques et ayant accès à de l’information imparfaite, possède un équilibre de Nash en stratégies mixtes dans lequel le profit des firmes est positif et baisse non seulement avec le nombre de compétiteurs, mais aussi avec l’impression d’une précision accrue que les compétiteurs ont sur le coût de production du joueur. Les résultats montrent que l’incertitude sur les coûts augmente le taux de la marge brute et la fluctuation des prix tout en diminuant les chances d’honorer le contrat. Dans un autre ordre d’idée, l’intérêt sans cesse grandissant des opérateurs à converger les réseaux fixes et mobiles dans le but d’offrir une relève sans interruption favorise l’utilisation des applications vidéo mobiles qui surchargeront rapidement leurs réseaux. Dans un contexte du virage vert qui prend de plus en plus d’ampleur dans le domaine des télécommunications, la transmission des flots en multidiffusion (multicast) devient essentiel dans le but de réduire la consommation de bande passante et la congestion du réseau en rejoignant simultanément plusieurs destinataires. La sécurisation des flots en multidiffusion a été largement étudiée dans la littérature antérieure, cependant aucune des solutions proposées ne tient compte des contraintes imposées par les liaisons sans fil et la mobilité des noeuds, en particulier le haut taux de perte de paquets. La nécessité d’un mécanisme de distribution de clés régénératrices efficace et pouvant supporter un grand bassin d’abonnés pour les réseaux mobiles n’aura jamais été aussi urgent avec l’arrivée de la convergence fixe-mobile dans les réseaux 4G. Le troisième article présente deux algorithmes de clés régénératrices basés sur les chaînes de hachage bidirectionnelles pour le protocole de distribution de clés logical key hierarchy (LKH). Ainsi, un membre ayant perdu jusqu’à un certain nombre de clés de déchiffrement consécutives pourrait lui-même les régénérer sans faire la requête de retransmission au serveur de clés. Les simulations effectuées montrent que les algorithmes proposés offrent des améliorations considérables dans un environnement de réseau mobile à taux de perte de paquet, notamment dans le percentage de messages déchiffrés. Le souci d’efficacité énergétique est également présent pour les opérateurs de réseaux cellulaires. D’ailleurs, près de la moitié des abonnements sur Internet proviennent présentement d’unités mobiles et il est attendu que ce groupe d’utilisateurs deviennent le plus grand bassin d’usagers sur Internet dans la prochaine décennie. Pour supporter cette croissance rapide du nombre d’utilisateurs mobiles, le choix le plus naturel pour les opérateurs serait de remplacer mobile IPv4 par MIPv6. Or, la fonction d’optimisation de route (RO), qui remplace le routage triangulaire inefficace de MIP en permettant au noeud mobile (MN) une communication bidirectionnelle avec le noeud correspondant (CN) sans faire passer les messages à travers l’agent du réseau mère (HA), est déficiente au niveau de la sécurité. L’absence d’informations pré-partagées entre le MN et le CN rend la sécurisation du RO un défi de taille. MIPv6 adopte la routabilité de retour (RR) qui est davantage un mécanisme qui vérifie l’accessibilité du MN sur son adresse du réseau mère (HoA) et du réseau visité (CoA) plutôt qu’une fonction de sécurité. D’autres travaux se sont attaqués aux nombreuses failles de sécurité du RR, mais soit leur conception est fautive, soit leurs suppositions sont irréalistes. Le quatrième article présente une version améliorée de l’algorithme de génération cryptographique d’adresse (ECGA) pour MIPv6 qui intègre une chaîne de hachage arrière et offre de lier plusieurs adresses CGA ensemble. ECGA élimine les attaques de compromis temps-mémoire tout en étant efficace. Ce mécanisme de génération d’adresse fait parti du protocole Secure MIPv6 (SMIPv6) proposé avec un RO sécuritaire et efficace grâce à DNSSEC pour valider les CGAs qui proviennent d’un domaine de confiance et qui permet une authentification forte plutôt que l’invariance de source. Le vérificateur de protocoles cryptographiques dans le modèle formel AVISPA a été utilisé pour montrer qu’aucune faille de sécurité n’est présente tout en limitant au maximum les messages échangés dans le réseau d’accès. ----------ABSTRACT Next generation networks aim at offering all available services through an IP-core network by converging fixed-mobile heterogeneous networks. As part of the mobile access network, one of the main objectives of the 4G network is to provide seamless roaming with wireless local area networks and accommodating quality of service (QoS) specifications for digital video broadcasting systems. Such innovation aims expanding video-based digital services while reducing costs by normalizing the network layer through an all-IP architecture such as Internet. However, centralizing all traffic makes the shared core network a vulnerable target for attackers. Design security solutions in such an environment where entities a priori do not know each other represent a daunting task. This thesis tackles four important security issues in next generation networks each in distinct papers. The first two deal with security in decentralized mobile ad hoc networks (MANETs) while the last two focus on securing solutions aiming at reducing bandwidth and energy consumption, in line with the green shift promoted by network operators. More precisely, the third paper is about protecting multicast flows in a packet-loss environment and the last one proposes a secure route optimization function in mobile IPv6 (MIPv6) using an enhanced version of cryptographically generated address (CGA) and domain name service security extensions (DNSSEC). Most intrusion detection systems (IDS) for MANETs are based on reputation system which classifies nodes according to their degree of trust. However, existing IDS all share the same major weakness: the failure to detect and react on colluding attacks. The first paper proposes an IDS that integrates the colluding risk factor into the computation of the path reliability which considers the number and the reputation of nodes that can compare both the source message and the retransmitted one. Also, the extended architecture effectively detects malicious and colluding nodes in order to isolate them and protect the network. The simulations launched in various MANETs containing various proportions of malicious and colluding nodes show that the proposed solution offers a considerable throughput gain compared to current solutions. By effectively selecting the most reliable route and by promptly detecting colluding attacks, the number of lost messages is decreased, and therefore, offering more efficient transmissions. Instead of thwarting selfishness in MANETs by threatening nodes to limit their network functions, the second paper opts for a non-punishment incentive by compensating nodes for their service through the use of virtual money, more commonly known as nuglets. The last paper presents a game-theoretic framework based on Bertrand competition to incite relaying nodes in forwarding messages according to QoS requirements. For a source to send or access QoS-sensitive flows, such as real-time applications, it starts by sending a contract specifying the QoS requirements, its duration and a reservation price. Upon receiving a contract submission, intermediary nodes forming a route between the source and the destination share their current and past collected information on themselves and on surrounding nodes to estimate the probability of breaching the contract and the number of active competitors. Both parameters are crucial in setting a price. Once the source gets the responses from various routes, it selects the most cheapest one. This multiplayer winner-takes-all framework based on Bertrand competition with firms having asymmetric costs and access imperfect information has a mixed-strategy equilibrium in which industry profits are positive and decline not only with the number of firms having an estimated cost below the reservation price but also with the perception of a greater accuracy on a player’s cost that competitors have. In fact,results show that cost uncertainty increases firms’ gross margin rate and the prices fluctuation while making the contract honoring much riskier. On another topic, with the growing interest in converging fixed and mobile networks, mobile applications will require more and more resources from both the network and the mobile device. In a social-motivated context of shifting into green technologies, using multicast transmissions is essential because it lowers bandwidth consumption by simultaneously reaching a group of multiple recipients. Securing multicast flows has been extensively studied in the past, but none of the existing solutions were meant to handle the constraints imposed by mobile scenarios, in particular the high packet-loss rate. The need for a low overhead selfhealing rekeying mechanism that is scalable, reliable and suitable for mobile environments has never been more urgent than with the arrival of fixed-mobile convergence in 4G networks. The second paper presents two self-healing recovery schemes based on the dual directional hash chains for the logical key hierarchy rekeying protocol. This enables a member that has missed up to m consecutive key updates to recover the missing decryption keys without asking the group controller key server for retransmission. Conducted simulations show considerable improvements in the ratio of decrypted messages and in the rekey message overhead in high packet loss environments. The concern of energy efficiency is also present for mobile access network operators. In fact, nearly half of all Internet subscribers come from mobile units at the moment and it is expected to be the largest pool of Internet users by the next decade. The most obvious choice for mobile operators to support more users would be to replace Mobile IP for IPv4 with MIPv6. However, the Route Optimization (RO) function, which replaces the inefficient triangle routing by allowing a bidirectional communication between a mobile node (MN) and the corresponding node (CN) without passing through its home agent (HA), is not secure and has a high overhead. The lack of pre-shared information between the MN and the CN makes security in RO a difficult challenge. MIPv6 adopts the return routability (RR) mechanism which is more to verify the MN reachability in both its home address (HoA) and care-of address (CoA) than a security feature. Other works attempted to solve the multiple security issues in RR but either their design are flawed, or rely on unrealistic assumptions. The third paper presents an enhanced cryptographically generated address (ECGA) for MIPv6 that integrates a built-in backward key chain and offers support to bind multiple logically-linked CGAs together. ECGA tackles the time-memory tradeoff attacks while being very efficient. It is part of the proposed secure MIPv6 (SMIPv6) with secure and efficient RO which uses DNSSEC to validate CGAs from trusted domains and provide strong authentication rather than sender invariance. The AVISPA on-the-fly model checker (OFMC) tool has been used to show that the proposed solution has no security flaws while still being lightweight in signalling messages in the radio network

Mobile Ad Hoc Networks

Guiding readers through the basics of these rapidly emerging networks to more advanced concepts and future expectations, Mobile Ad hoc Networks: Current Status and Future Trends identifies and examines the most pressing research issues in Mobile Ad hoc Networks (MANETs). Containing the contributions of leading researchers, industry professionals, and academics, this forward-looking reference provides an authoritative perspective of the state of the art in MANETs. The book includes surveys of recent publications that investigate key areas of interest such as limited resources and the mobility of mobile nodes. It considers routing, multicast, energy, security, channel assignment, and ensuring quality of service. Also suitable as a text for graduate students, the book is organized into three sections: Fundamentals of MANET Modeling and Simulation—Describes how MANETs operate and perform through simulations and models Communication Protocols of MANETs—Presents cutting-edge research on key issues, including MAC layer issues and routing in high mobility Future Networks Inspired By MANETs—Tackles open research issues and emerging trends Illustrating the role MANETs are likely to play in future networks, this book supplies the foundation and insight you will need to make your own contributions to the field. It includes coverage of routing protocols, modeling and simulations tools, intelligent optimization techniques to multicriteria routing, security issues in FHAMIPv6, connecting moving smart objects to the Internet, underwater sensor networks, wireless mesh network architecture and protocols, adaptive routing provision using Bayesian inference, and adaptive flow control in transport layer using genetic algorithms

Secure Incentives to Cooperate for Wireless Networks

The operating principle of certain wireless networks makes essential the cooperation between the mobile nodes. However, if each node is an autonomous selfish entity, cooperation is not guaranteed and therefore we need to use incentive techniques. In this thesis, we study cooperation in three different types of networks: WiFi networks, Wireless Mesh Networks (WMNs), and Hybrid Ad-hoc networks. Cooperation has a different goal for each of these networks, we thus propose incentive mechanisms adapted to each case. In the first chapter of this thesis, we consider WiFi networks whose wide-scale adoption is impeded by two major hurdles: the lack of a seamless roaming scheme and the variable QoS experienced by the users. We devise a reputation-based solution that (i) allows a mobile node to connect to a foreign Wireless ISP in a secure way while preserving his anonymity and (ii) encourages the WISPs to cooperate, i.e., to provide the mobile clients with a good QoS. Cooperation appears here twofold: First, the mobile clients have to collaborate in order to build and maintain the reputation system and second, the use of this reputation system encourages the WISPs to cooperate. We show, by means of simulations, that our reputation model indeed encourages the WISPs to behave correctly and we analyze the robustness of our solution against various attacks. In the second chapter of the thesis, we consider Wireless Mesh Networks (WMNs), a new and promising paradigm that uses multi-hop communications to extend WiFi networks. Indeed, by connecting only one hot spot to the Internet and by deploying several Transit Access Points (TAPs), a WISP can extend its coverage and serve a large number of clients at a very low cost. We analyze the characteristics of WMNs and deduce three fundamental network operations that need to be secured: (i) the routing protocol, (ii) the detection of corrupt TAPs and (iii) the enforcement of a proper fairness metric in WMNs. We focus on the fairness problem and propose FAME, an adaptive max-min fair resource allocation mechanism for WMNs. FAME provides a fair, collision-free capacity use of the WMN and automatically adjusts to the traffic demand fluctuations of the mobile clients. We develop the foundations of the mechanism and demonstrate its efficiency by means of simulations. We also experimentally assess the utility of our solution when TAPs are equipped with directional antennas and distinct sending and receiving interfaces in the Magnets testbed deployed in Berlin. In the third and last chapter of this thesis, we consider Hybrid Ad-hoc networks, i.e., infrastructured networks that are extended using multi-hop communications. We propose a secure set of protocols to encourage the most fundamental operation in these networks, namely packet forwarding. This solution is based on a charging and rewarding system. We use "MAC layering" to reduce the space overhead in the packets and a stream cipher encryption mechanism to provide "implicit authentication" of the nodes involved in the communication. We analyze the robustness of our protocols against rational and malicious attacks. We show that the use of our solution makes cooperation rational for selfish nodes. We also show that our protocols thwart rational attacks and detect malicious attacks

Two-tier Intrusion Detection System for Mobile Ad Hoc Networks

Nowadays, a commonly used wireless network (i.e. Wi-Fi) operates with the aid of a fixed infrastructure (i.e. an access point) to facilitate communication between nodes when they roam from one location to another. The need for such a fixed supporting infrastructure limits the adaptability of the wireless network, especially in situations where the deployment of such an infrastructure is impractical. In addition, Wi-Fi limits nodes' communication as it only provides facility for mobile nodes to send and receive information, but not reroute the information across the network. Recent advancements in computer network introduced a new wireless network, known as a Mobile Ad Hoc Network (MANET), to overcome these limitations. MANET has a set of unique characteristics that make it different from other kind of wireless networks. Often referred as a peer to peer network, such a network does not have any fixed topology, thus nodes are free to roam anywhere, and could join or leave the network anytime they desire. Its ability to be setup without the need of any infrastructure is very useful, especially in geographically constrained environments such as in a military battlefield or a disaster relief operation. In addition, through its multi hop routing facility, each node could function as a router, thus communication between nodes could be made available without the need of a supporting fixed router or an access point. However, these handy facilities come with big challenges, especially in dealing with the security issues. This research aims to address MANET security issues by proposing a novel intrusion detection system that could be used to complement existing prevention mechanisms that have been proposed to secure such a network. A comprehensive analysis of attacks and the existing security measures proved that there is a need for an Intrusion Detection System (IDS) to protect MANETs against security threats. The analysis also suggested that the existing IDS proposed for MANET are not immune against a colluding blackmail attack due to the nature of such a network that comprises autonomous and anonymous nodes. The IDS architecture as proposed in this study utilises trust relationships between nodes to overcome this nodes' anonymity issue. Through a friendship mechanism, the problems of false accusations and false alarms caused by blackmail attackers in global detection and response mechanisms could be eliminated. The applicability of the friendship concept as well as other proposed mechanisms to solve MANET IDS related issues have been validated through a set of simulation experiments. Several MANET settings, which differ from each other based on the network's density level, the number of initial trusted friends owned by each node, and the duration of the simulation times, have been used to study the effects of such factors towards the overall performance of the proposed IDS framework. The results obtained from the experiments proved that the proposed concepts are capable to at least minimise i f not fully eliminate the problem currently faced in MANET IDS