6 research outputs found
Modeling Security and Resource Allocation for Mobile Multi-hop Wireless Networks Using Game Theory
This dissertation presents novel approaches to modeling and analyzing security and resource allocation in mobile ad hoc networks (MANETs). The research involves the design, implementation and simulation of different models that result in resource sharing among mobile devices and strengthen the security of the network. Because of mobility, the network topology may change quickly and unpredictably over time. Moreover, data sent from a source to a designated destination node that is not nearby has to be routed through intermediary mobile nodes. However, not all intermediary nodes in the network are willing to participate in transferring the data packets of other nodes. This unwillingness to participate in data forwarding arises because a node is built on limited resources such as energy and data. Due to their limited resources, nodes may not want to participate in the overall network objectives by forwarding the data packets of others, for fear of depleting their energy.
To enforce cooperation among autonomous nodes, we design, implement and simulate new incentive mechanisms that use game-theoretic concepts to analyze and model the strategic interactions among rational nodes with conflicting interests. Since there is no central authority and the network is decentralized, to address the concerns of mobility of selfish nodes in MANETs, a model of security and trust relationships was designed and implemented to improve the impact of investment in trust mechanisms. A series of simulations was carried out that showed the strengthening of security in a network with selfish and malicious nodes. Our research involves bargaining for resources in a highly dynamic ad hoc network. The design of a new arbitration mechanism for MANETs utilizes the Dirichlet distribution for fairness in allocating resources. Then, we investigated the problem of colluding nodes in mobile ad hoc networks with an arbitrator. We model the collusion by having a group of nodes disrupt the bargaining process by not cooperating with the arbitrator. Finally, we investigated the resource allocation for a system between agility and recovery using the concept of a Markov decision process. Simulation results showed that the proposed solutions may be helpful to decision-makers when allocating resources between separated teams.
Content authentication and access control in pure peer-to-peer networks (Autenticación de contenidos y control de acceso en redes peer-to-peer puras)
This doctoral thesis falls within the research area of security in fully decentralized (also called pure) Peer-to-Peer (P2P) environments. In particular, the main objective of this thesis is to define, analyze and implement a scheme for the secure distribution of shared content. This thesis work has made significant advances and innovative contributions aimed at guaranteeing that shared content is authentic; that is, that it has not been altered, even when it is a replica of the original. In addition, an access control mechanism is proposed, oriented toward providing authorization services in an environment that lacks a hierarchy of certification authorities. The methodology followed and the main contributions of this thesis are summarized below and, finally, the most important conclusions are presented.
The study and analysis of the state of the art on security in Peer-to-Peer (P2P) networks gives us many important insights regarding the lack of practical security mechanisms in such fully decentralized and highly dynamic networks. The major problems range from the absence of content authentication mechanisms, which address and assure the authenticity and integrity of the resources shared by networking nodes, to access control proposals, which provide authorization services. In particular, the combination of both authentication and access control within well-known P2P file sharing systems may involve several advances in the content replication and distribution processes. The aim of this thesis is to define, develop and evaluate a secure P2P content distribution scheme for file sharing scenarios. The proposal will be based on the use of digital certificates, similar to those used in the provision of public key authenticity.
To carry out this proposal in such an environment, which does not count on a hierarchy of certification authorities, we will explore the application of non-conventional techniques, such as Byzantine agreement protocols and schemes based on “proof-of-work.” We then propose a content authentication protocol for pure P2P file sharing systems. Under certain restrictions, our scheme provides guarantees that content is authentic, i.e. it has not been altered, even if it is a replica of the original and the source has lost control over it. Moreover, we extend our initial work by showing how digital certificates can be modified to provide authorization capabilities for self-organizing peers. The entire scheme is first theoretically analyzed, and also implemented in C and Java in order to evaluate its performance. This document is presented as a Ph.D. thesis within the 2007–08 Ph.D. in Computer Science Program at Carlos III University of Madrid.
Resilience-Building Technologies: State of Knowledge -- ReSIST NoE Deliverable D12
This document is the first product of work package WP2, "Resilience-building and -scaling technologies", in the programme of jointly executed research (JER) of the ReSIST Network of Excellenc
Efficient Passive Clustering and Gateways selection MANETs
Passive clustering does not employ control packets to collect topological information in ad hoc networks. In our proposal, we avoid making frequent changes in cluster architecture due to repeated election and re-election of cluster heads and gateways. Our primary objective has been to make Passive Clustering more practical by employing an optimal number of gateways and reducing the number of rebroadcast packets.
Context-based wireless mesh networks (Redes em malha sem fios baseadas em contexto)
Doctorate in Electrical Engineering
In modern society, new devices, applications and technologies, with sophisticated
capabilities, are converging in the same network infrastructure.
Users are also increasingly demanding in personal preferences and expectations,
desiring Internet connectivity anytime and everywhere. These aspects
have triggered many research efforts, since the current Internet is reaching
a breaking point trying to provide enough flexibility for users and profits for
operators, while dealing with the complex requirements raised by the recent
evolution.
Fully aligned with the future Internet research, many solutions have been
proposed to enhance the current Internet-based architectures and protocols,
in order to become context-aware, that is, to be dynamically adapted to
the change of the information characterizing any network entity. In this
sense, the presented Thesis proposes a new architecture that allows the creation of
several networks with different characteristics according to their context, on
top of a single Wireless Mesh Network (WMN), whose infrastructure
and protocols are very flexible and self-adaptable.
More specifically, this Thesis models the context of users, which can span
from their security, cost and mobility preferences, devices’ capabilities or
services’ quality requirements, in order to turn a WMN into a set of logical
networks. Each logical network is configured to meet a set of user context
needs (for instance, support of high mobility and low security). To
implement this user-centric architecture, this Thesis uses network virtualization,
which has often been advocated as a means to deploy independent
network architectures and services towards the future Internet, while allowing
a dynamic resource management. This way, network virtualization can
allow a flexible and programmable configuration of a WMN, in order to be
shared by multiple logical networks (or virtual networks - VNs). Moreover,
the high level of isolation introduced by network virtualization can be used
to differentiate the protocols and mechanisms of each context-aware VN.
This architecture raises several challenges to control and manage the VNs
on-demand, in response to user and WMN dynamics. In this context, we
target the mechanisms to: (i) discover and select the VN to assign to a
user; (ii) create, adapt and remove the VN topologies and routes. We
also explore how the rate of variation of the user context requirements can
be considered to improve the performance and reduce the complexity of
the VN control and management. Finally, due to the scalability limitations
of centralized control solutions, we propose a mechanism to distribute the
control functionalities along the architectural entities, which can cooperate
to control and manage the VNs in a distributed way.