Dinamička distribucija sigurnosnih ključeva i koalicijski protokol IP adresa za mobilne ad hoc mreže

In mobile adhoc networks (MANETs) a tree-based dynamic address auto-configuration protocol (T-DAAP) is one of the best protocols designed for address assignment as far as the network throughput and packet delays are concerned. Moreover, MANET security is an important factor for many applications given that any node can listen to the channel and overhear the packets being transmitted. In this paper, we merge the address assignment with the security key delivery into one protocol, such that a node in the MANET is configured with IP address and security key simultaneously. To the best of our knowledge, no single protocol provides concurrent assignment of IP addresses and security keys for MANET nodes. The proposed method, which is based on T-DAAP, shows significant enhancements in the required control packets needed for assigning network nodes IP addresses and security keys, MAC layer packets, total end-to-end delay, and channel throughput over those obtained when using separate protocols. Additionally, it provides not only efficient security keys to the nodes from the first moment they join the network, but also secure delivery of the address and security key to all participating nodes. It is noteworthy to mention that providing a complete security model for MANET to detect and countermeasure network security threats and attacks is beyond the scope of our proposed protocol.Kod mobilnih ad hoc mreža (MANET) dinamički protokol za autokonfiguraciju adresa baziran na stablu (T-DAAP) je jedan od najboljih protokola dizajniranih za dodjelu adresa iz perspektive propusnosti mreže i i kašnjenja paketa. štoviše, sigurnost MANET-a je važan faktor za mnoge aplikacije s obzirom da bilo koji čvor može osluškivati kanal i slučajno čuti pakete koji se šalju. U ovom radu, dodjela adresa i dostava sigurnosnih ključeva spojeni su u jedan protokol tako da je čvor u MANET-u konfiguriran simultano s IP adresom i sigurnosnim ključem. Prema saznanjima autora, niti jedan postojeći protokol ne pruža istovremeno dodjeljivanje IP adrese i sigurnosnog ključa za MANET čvorove. Predložena metoda, koja se bazira na T-DAAP-u, pokazuje značajna poboljšanja u odnosu na metode koje koriste odvojene porotokole, kod traženih kontrolnih paketa koji su potrebni za dodjeljivanje IP adresa i sigurnosnih ključeva čvorovima mreže, MAC paketa, ukupnog end-to-end kašnjenja i propusnosti kanala. Dodatno pruža ne samo efikasne sigurnosne ključeve čvorovima od trenutka kad se priključe mreži, nego i sigurno dostavljanje adrese i sigurnosnog ključa svim čvorovima koji sudjeluju u mreži. Važno je spomenuti da je pružanje cjelokupnog sigurnosnog modela za MANET koji detektira dodatno i protumjere prijetnjama i napadima na sigurnost mreže izvan dosega predloženog protokola

Temporal and Spatial Classification of Active IPv6 Addresses

There is striking volume of World-Wide Web activity on IPv6 today. In early 2015, one large Content Distribution Network handles 50 billion IPv6 requests per day from hundreds of millions of IPv6 client addresses; billions of unique client addresses are observed per month. Address counts, however, obscure the number of hosts with IPv6 connectivity to the global Internet. There are numerous address assignment and subnetting options in use; privacy addresses and dynamic subnet pools significantly inflate the number of active IPv6 addresses. As the IPv6 address space is vast, it is infeasible to comprehensively probe every possible unicast IPv6 address. Thus, to survey the characteristics of IPv6 addressing, we perform a year-long passive measurement study, analyzing the IPv6 addresses gleaned from activity logs for all clients accessing a global CDN. The goal of our work is to develop flexible classification and measurement methods for IPv6, motivated by the fact that its addresses are not merely more numerous; they are different in kind. We introduce the notion of classifying addresses and prefixes in two ways: (1) temporally, according to their instances of activity to discern which addresses can be considered stable; (2) spatially, according to the density or sparsity of aggregates in which active addresses reside. We present measurement and classification results numerically and visually that: provide details on IPv6 address use and structure in global operation across the past year; establish the efficacy of our classification methods; and demonstrate that such classification can clarify dimensions of the Internet that otherwise appear quite blurred by current IPv6 addressing practices

Mobile Computing in Digital Ecosystems: Design Issues and Challenges

In this paper we argue that the set of wireless, mobile devices (e.g., portable telephones, tablet PCs, GPS navigators, media players) commonly used by human users enables the construction of what we term a digital ecosystem, i.e., an ecosystem constructed out of so-called digital organisms (see below), that can foster the development of novel distributed services. In this context, a human user equipped with his/her own mobile devices, can be though of as a digital organism (DO), a subsystem characterized by a set of peculiar features and resources it can offer to the rest of the ecosystem for use from its peer DOs. The internal organization of the DO must address issues of management of its own resources, including power consumption. Inside the DO and among DOs, peer-to-peer interaction mechanisms can be conveniently deployed to favor resource sharing and data dissemination. Throughout this paper, we show that most of the solutions and technologies needed to construct a digital ecosystem are already available. What is still missing is a framework (i.e., mechanisms, protocols, services) that can support effectively the integration and cooperation of these technologies. In addition, in the following we show that that framework can be implemented as a middleware subsystem that enables novel and ubiquitous forms of computation and communication. Finally, in order to illustrate the effectiveness of our approach, we introduce some experimental results we have obtained from preliminary implementations of (parts of) that subsystem.Comment: Proceedings of the 7th International wireless Communications and Mobile Computing conference (IWCMC-2011), Emergency Management: Communication and Computing Platforms Worksho

Coherent, automatic address resolution for vehicular ad hoc networks

Published in: Int. J. of Ad Hoc and Ubiquitous Computing, 2017 Vol.25, No.3, pp.163 - 179. DOI: 10.1504/IJAHUC.2017.10001935The interest in vehicular communications has increased notably. In this paper, the use of the address resolution (AR) procedures is studied for vehicular ad hoc networks (VANETs). We analyse the poor performance of AR transactions in such networks and we present a new proposal called coherent, automatic address resolution (CAAR). Our approach inhibits the use of AR transactions and instead increases the usefulness of routing signalling to automatically match the IP and MAC addresses. Through extensive simulations in realistic VANET scenarios using the Estinet simulator, we compare our proposal CAAR to classical AR and to another of our proposals that enhances AR for mobile wireless networks, called AR+. In addition, we present a performance evaluation of the behaviour of CAAR, AR and AR+ with unicast traffic of a reporting service for VANETs. Results show that CAAR outperforms the other two solutions in terms of packet losses and furthermore, it does not introduce additional overhead.Postprint (published version

Practical privacy enhancing technologies for mobile systems

Mobile computers and handheld devices can be used today to connect to services available on the Internet. One of the predominant technologies in this respect for wireless Internet connection is the IEEE 802.11 family of WLAN standards. In many countries, WLAN access can be considered ubiquitous; there is a hotspot available almost anywhere. Unfortunately, the convenience provided by wireless Internet access has many privacy tradeoffs that are not obvious to mobile computer users. In this thesis, we investigate the lack of privacy of mobile computer users, and propose practical enhancements to increase the privacy of these users. We show how explicit information related to the users' identity leaks on all layers of the protocol stack. Even before an IP address is configured, the mobile computer may have already leaked their affiliation and other details to the local network as the WLAN interface openly broadcasts the networks that the user has visited. Free services that require authentication or provide personalization, such as online social networks, instant messengers, or web stores, all leak the user's identity. All this information, and much more, is available to a local passive observer using a mobile computer. In addition to a systematic analysis of privacy leaks, we have proposed four complementary privacy protection mechanisms. The main design guidelines for the mechanisms have been deployability and the introduction of minimal changes to user experience. More specifically, we mitigate privacy problems introduced by the standard WLAN access point discovery by designing a privacy-preserving access-point discovery protocol, show how a mobility management protocol can be used to protect privacy, and how leaks on all layers of the stack can be reduced by network location awareness and protocol stack virtualization. These practical technologies can be used in designing a privacy-preserving mobile system or can be retrofitted to current systems

Integrated Architecture for Configuration and Service Management in MANET Environments

Esta tesis nos ha permitido trasladar algunos conceptos teóricos de la computación ubicua a escenarios reales, identificando las necesidades específicas de diferentes tipos de aplicaciones. Con el fin de alcanzar este objetivo, proponemos dos prototipos que proporcionan servicios sensibles al contexto en diferentes entornos, tales como conferencias o salas de recuperación en hospitales. Estos prototipos experimentales explotan la tecnología Bluetooth para ofrecer información basada en las preferencias del usuario. En ambos casos, hemos llevado a cabo algunos experimentos con el fin de evaluar el comportamiento de los sistemas y su rendimento. También abordamos en esta tesis el problema de la autoconfiguración de redes MANET basadas en el estándar 802.11 a través de dos soluciones novedosas. La primera es una solución centralizada que se basa en la tecnología Bluetooth, mientras la segunda es una solución distribuida que no necesita recurrir a ninguna tecnología adicional, ya que se basa en el uso del parámetro SSID. Ambos métodos se han diseñado para permitir que usuarios no expertos puedan unirse a una red MANET de forma transparente, proporcionando una configuración automática, rápida, y fiable de los terminales. Los resultados experimentales en implementaciones reales nos han permitido evaluar el rendimiento de las soluciones propuestas y demostrar que las estaciones cercanas se pueden configurar en pocos segundos. Además, hemos comparado ambas soluciones entre sí para poner de manifiesto las diferentes ventajas y desventajas en cuanto a rendimento. La principal contribución de esta tesis es EasyMANET, una plataforma ampliable y configurable cuyo objetivo es automatizar lo máximo posible las tareas que afectan a la configuración y puesta en marcha de redes MANET, de modo que su uso sea más simple y accesible.Cano Reyes, J. (2012). Integrated Architecture for Configuration and Service Management in MANET Environments [Tesis doctoral no publicada]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/14675Palanci

Internet connection method for mobile ad hoc wireless networks

In recent years, wireless networks with Internet services have become more and more popular. Technologies which integrate Internet and wireless networks have extended traditional Internet applications into a more flexible and dynamic environment. This research work investigates the technology that supports the connection between a Mobile Ad Hoc Wireless Network (MANET) and the Internet, which enables the current wireless Internet technologies to provide a ubiquitous wireless life style. With detailed analysis of the existing wireless Internet technologies and MANETs regarding their features and applications, the demand and lack of research work for an application to provide Internet connection to MANET is indicated. The primary difficulty for MANET and Internet connection is that the dynamic features of MANET do not suit the traditional connection methods used in infrastructure wireless networks. This thesis introduces new concept of the 'Gateway Awareness' (GAW) to the wireless devices in the MANET. GAW is a new routing protocol designed by the author of this thesis, at the University of Warwick. Based on GAW, an inclusive definition for the connection method, which supports the Internet connection and keeps the independency of routing in MANET, is addressed. Unlike other research work, this method supports the MANET and Internet communication in both directions. Furthermore, it explores possible ways of using the Internet as an extension for wireless communications. The GAW routing method is developed from destination sequenced distance vector (DSDV) routing protocol. However, it defines a layer of wireless nodes (known as GAWNs) with exclusive functions for the Internet connection task. The layer of GAWNs brings a new set of route update and route selection method. Simulations show that the GAW routing method provides quality Internet connection performance in different scenarios compared with other methods. In particular, the connection is completed with minimum effect on the independent MANET while the routing efficiency and accuracy is guaranteed