6 research outputs found

    Modeling Security and Resource Allocation for Mobile Multi-hop Wireless Networks Using Game Theory

    This dissertation presents novel approaches to modeling and analyzing security and resource allocation in mobile ad hoc networks (MANETs). The research involves the design, implementation and simulation of different models resulting in resource sharing and strengthened security of the network among mobile devices. Because of the mobility, the network topology may change quickly and unpredictably over time. Moreover, data-information sent from a source to a designated destination node, which is not nearby, has to route its information with the need of intermediary mobile nodes. However, not all intermediary nodes in the network are willing to participate in data-packet transfer of other nodes. The unwillingness to participate in data forwarding is because a node is built on limited resources such as energy-power and data. Due to their limited resources, nodes may not want to participate in the overall network objectives by forwarding data-packets of others in fear of depleting their energy power. To enforce cooperation among autonomous nodes, we design, implement and simulate new incentive mechanisms that use game theoretic concepts to analyze and model the strategic interactions among rational nodes with conflicting interests. Since there is no central authority and the network is decentralized, to address the concerns of mobility of selfish nodes in MANETs, a model of security and trust relationship was designed and implemented to improve the impact of investment into trust mechanisms. A series of simulations was carried out that showed the strengthening of security in a network with selfish and malicious nodes. Our research involves bargaining for resources in a highly dynamic ad-hoc network. The design of a new arbitration mechanism for MANETs utilizes the Dirichlet distribution for fairness in allocating resources. Then, we investigated the problem of collusion nodes in mobile ad-hoc networks with an arbitrator. We model the collusion by having a group of nodes disrupting the bargaining process by not cooperating with the arbitrator. Finally, we investigated the resource allocation for a system between agility and recovery using the concept of Markov decision process. Simulation results showed that the proposed solutions may be helpful to decision-makers when allocating resources between separated teams.

    Content Authentication and Access Control in Pure Peer-to-Peer Networks (Autenticación de contenidos y control de acceso en redes peer-to-peer puras)

    This doctoral thesis falls within the research area of security in fully decentralized (also called pure) Peer-to-Peer (P2P) environments. In particular, the main objective of this doctoral thesis is to define, analyze and implement a scheme for the secure distribution of shared content. This thesis work has made important advances and innovative contributions aimed at guaranteeing that the shared content is authentic; that is, that it has not been altered, even when it is a replica of the original. In addition, an access control mechanism is proposed that is oriented toward providing authorization services in an environment that lacks a hierarchy of certification authorities. Below, the methodology followed and the main contributions of this thesis are summarized and, finally, the most important conclusions are presented.
    The study and analysis of the state-of-the-art on security in Peer-to-Peer (P2P) networks gives us many important insights regarding the lack of practical security mechanisms in such fully decentralized and highly dynamic networks. The major problems range from the absence of content authentication mechanisms, which address and assure the authenticity and integrity of the resources shared by networking nodes, to access control proposals, which provide authorization services. In particular, the combination of both, authentication and access control, within well-known P2P file sharing systems may involve several advances in the content replication and distribution processes. The aim of this thesis is to define, develop and evaluate a secure P2P content distribution scheme for file sharing scenarios. The proposal will be based on the use of digital certificates, similar to those used in the provision of public key authenticity. 
To carry out this proposal in such an environment, which does not count on a hierarchy of certification authorities, we will explore the application of non-conventional techniques, such as Byzantine agreement protocols and schemes based on “proof-of-work.” We then propose a content authentication protocol for pure P2P file sharing systems. Under certain restrictions, our scheme provides guarantees that a content is authentic, i.e. it has not been altered, even if it is a replica of the original and the source has lost control over it. Moreover, we extend our initial work by showing how digital certificates can be modified to provide authorization capabilities for self-organizing peers. The entire scheme is first theoretically analyzed, and also implemented in C and Java in order to evaluate its performance. This document is presented as Ph.D. Thesis within the 2007–08 Ph.D. in Computer Science Program at Carlos III University of Madrid

    Resilience-Building Technologies: State of Knowledge -- ReSIST NoE Deliverable D12

    This document is the first product of work package WP2, "Resilience-building and -scaling technologies", in the programme of jointly executed research (JER) of the ReSIST Network of Excellenc

    Efficient Passive Clustering and Gateways selection MANETs

    Passive clustering does not employ control packets to collect topological information in ad hoc networks. In our proposal, we avoid making frequent changes in cluster architecture due to repeated election and re-election of cluster heads and gateways. Our primary objective has been to make Passive Clustering more practical by employing an optimal number of gateways and reducing the number of rebroadcast packets.

    Context-Based Wireless Mesh Networks (Redes em malha sem fios baseadas em contexto)

    Doctorate in Electrical Engineering. In modern society, new devices, applications and technologies, with sophisticated capabilities, are converging in the same network infrastructure. Users are also increasingly demanding in personal preferences and expectations, desiring Internet connectivity anytime and everywhere. These aspects have triggered many research efforts, since the current Internet is reaching a breaking point trying to provide enough flexibility for users and profits for operators, while dealing with the complex requirements raised by the recent evolution. Fully aligned with the future Internet research, many solutions have been proposed to enhance the current Internet-based architectures and protocols, in order to become context-aware, that is, to be dynamically adapted to the change of the information characterizing any network entity. In this sense, the presented Thesis proposes a new architecture that allows the creation of several networks with different characteristics according to their context, on top of a single Wireless Mesh Network (WMN), whose infrastructure and protocols are very flexible and self-adaptable. More specifically, this Thesis models the context of users, which can span from their security, cost and mobility preferences, devices’ capabilities or services’ quality requirements, in order to turn a WMN into a set of logical networks. Each logical network is configured to meet a set of user context needs (for instance, support of high mobility and low security). To implement this user-centric architecture, this Thesis uses network virtualization, which has often been advocated as a means to deploy independent network architectures and services towards the future Internet, while allowing a dynamic resource management. This way, network virtualization can allow a flexible and programmable configuration of a WMN, in order to be shared by multiple logical networks (or virtual networks - VNs). 
Moreover, the high level of isolation introduced by network virtualization can be used to differentiate the protocols and mechanisms of each context-aware VN. This architecture raises several challenges to control and manage the VNs on-demand, in response to user and WMN dynamics. In this context, we target the mechanisms to: (i) discover and select the VN to assign to a user; (ii) create, adapt and remove the VN topologies and routes. We also explore how the rate of variation of the user context requirements can be considered to improve the performance and reduce the complexity of the VN control and management. Finally, due to the scalability limitations of centralized control solutions, we propose a mechanism to distribute the control functionalities along the architectural entities, which can cooperate to control and manage the VNs in a distributed way.
    In today's society, new devices, applications and technologies, with sophisticated capabilities, are converging on the same network infrastructure. Users are also increasingly demanding in their personal preferences and expectations, wanting Internet connectivity at any time and place. These aspects have triggered many research efforts, given that the current Internet is reaching a breaking point in trying to provide flexibility for users and profits for operators while dealing with the complex demands associated with recent evolution. In line with research on the Internet of the future, many solutions have been proposed to improve the architectures and protocols of the current Internet so as to make them context-aware, that is, to adapt them dynamically to changes in the information that characterizes any network entity. In this sense, the present Thesis proposes a new architecture that makes it possible to create several networks with different characteristics according to their context, on top of a single wireless mesh network (WMN), whose infrastructure and protocols are very flexible and self-adaptable. More specifically, this Thesis models the context of users, which can cover their security, cost and mobility preferences, the capabilities of their devices or the quality requirements of their services, in order to transform a WMN into a set of logical networks. Each logical network is configured to satisfy a set of user context needs (for example, support for high mobility and low security). To implement this user-centric architecture, this Thesis uses network virtualization, which has often been advocated as a means to deploy network architectures and services independently, while allowing dynamic resource management. In this way, network virtualization can allow a flexible and programmable configuration of a WMN, so that it can be shared by several logical networks (or virtual networks - VNs). In addition, the degree of isolation introduced by network virtualization can be used to differentiate the protocols and mechanisms of each context-based VN. This architecture raises several challenges for controlling and managing the VNs in real time, and in response to the dynamics of the users and of the WMN. In this context, we address the mechanisms to: (i) discover and select the VN to assign to a user; (ii) create, adapt and remove the topologies and routes of the VNs. We also explore the possibility of considering the rate of variation of the users' context requirements in order to improve performance and reduce the complexity of VN control and management. Finally, due to the scalability limitations of centralized control solutions, we propose a mechanism to distribute the control functionalities across the entities of the architecture, which can cooperate to control and manage the VNs in a distributed way.