379 research outputs found

    Secure bootstrapping and routing in an IPv6-based ad hoc network

    The mobile ad hoc network (MANET), which is characterized by an infrastructureless architecture and multi-hop communication, has attracted a lot of attention recently. In the evolution of IP networks to version 6, adopting the same protocol would guarantee the success and portability of MANETs. In this paper, we propose a secure bootstrapping and routing protocol for MANETs. Mobile hosts can autoconfigure and even change their IP addresses based on the concept of CGA (cryptographically generated address), but they can not hide their identities easily. The protocol is modified from DSR (dynamic source routing) to support secure routing. The neighbor discovery and domain name registration in IPv6 are incorporated and enhanced with security functions. The protocol is characterized by the following features: (i) it is designed based on IPv6, (ii) relying on a DNS server, it allows bootstrapping a MANET with little pre-configuration overhead, so network formation is light-weight, and (iii) it is able to resist a variety of security attacks

    A Lightweight and Attack Resistant Authenticated Routing Protocol for Mobile Adhoc Networks

    In mobile ad hoc networks, by attacking the corresponding routing protocol, an attacker can easily disturb the operations of the network. For ad hoc networks, till now many secured routing protocols have been proposed which contain some disadvantages. Therefore security in ad hoc networks is a controversial area till now. In this paper, we proposed a Lightweight and Attack Resistant Authenticated Routing Protocol (LARARP) for mobile ad hoc networks. For the route discovery attacks in MANET routing protocols, our protocol gives an effective security. It supports the node to drop the invalid packets earlier by detecting the malicious nodes quickly by verifying the digital signatures of all the intermediate nodes. It punishes the misbehaving nodes by decrementing a credit counter and rewards the well behaving nodes by incrementing the credit counter. Thus it prevents uncompromised nodes from attacking the routes with malicious or compromised nodes. It is also used to prevent the denial-of-service (DoS) attacks. The efficiency and effectiveness of LARARP are verified through the detailed simulation studies. Comment: 14 Pages, IJWM

    Effective bootstrapping of Peer-to Peer networks over Mobile Ad-hoc networks

    Mobile Ad-hoc Networks (MANETs) and Peer-to-Peer (P2P) networks are vigorous, revolutionary communication technologies in the 21st century. They lead the trend of decentralization. Decentralization will ultimately win clients over client/server model, because it gives ordinary network users more control, and stimulates their active participation. It is a determinant factor in shaping the future of networking. MANETs and P2P networks are very similar in nature. Both are dynamic, distributed. Both use multi-hop broadcast or multicast as major pattern of traffic. Both set up connection by self-organizing and maintain connection by self-healing. Embodying the slogan networking without networks, both abandoned traditional client/server model and disclaimed pre-existing infrastructure. However, their status quo levels of real world application are widely divergent. P2P networks are now accountable for about 50 ~ 70% internet traffic, while MANETs are still primarily in the laboratory. The interesting and confusing phenomenon has sparked considerable research effort to transplant successful approaches from P2P networks into MANETs. While most research in the synergy of P2P networks and MANETs focuses on routing, the network bootstrapping problem remains indispensable for any such transplantation to be realized. The most pivotal problems in bootstrapping are: (1) automatic configuration of nodes addresses and IDs, (2) topology discovery and transformation in different layers and name spaces. In this dissertation research, we have found novel solutions for these problems. The contributions of this dissertation are: (1) a non-IP, flat address automatic configuration scheme, which integrates lower layer addresses and P2P IDs in application layer and makes simple cryptographical assignment possible. A related paper entitled Pastry over Ad-Hoc Networks with Automatic Flat Address Configuration was submitted to Elsevier Journal of Ad Hoc Networks in May. (2) an effective ring topology construction algorithm which builds perfect ring in P2P ID space using only simplest multi-hop unicast or multicast. Upon this ring, popular structured P2P networks like Chord, Pastry could be built with great ease. A related paper entitled Chord Bootstrapping on MANETs - All Roads lead to Rome will be ready for submission after defense of the dissertation

    Evolving SDN for Low-Power IoT Networks

    Software Defined Networking (SDN) offers a flexible and scalable architecture that abstracts decision making away from individual devices and provides a programmable network platform. However, implementing a centralized SDN architecture within the constraints of a low-power wireless network faces considerable challenges. Not only is controller traffic subject to jitter due to unreliable links and network contention, but the overhead generated by SDN can severely affect the performance of other traffic. This paper addresses the challenge of bringing high-overhead SDN architecture to IEEE 802.15.4 networks. We explore how traditional SDN needs to evolve in order to overcome the constraints of low-power wireless networks, and discuss protocol and architectural optimizations necessary to reduce SDN control overhead - the main barrier to successful implementation. We argue that interoperability with the existing protocol stack is necessary to provide a platform for controller discovery and coexistence with legacy networks. We consequently introduce μSDN, a lightweight SDN framework for Contiki, with both IPv6 and underlying routing protocol interoperability, as well as optimizing a number of elements within the SDN architecture to reduce control overhead to practical levels. We evaluate μSDN in terms of latency, energy, and packet delivery. Through this evaluation we show how the cost of SDN control overhead (both bootstrapping and management) can be reduced to a point where comparable performance and scalability is achieved against an IEEE 802.15.4-2012 RPL-based network. Additionally, we demonstrate μSDN through simulation: providing a use-case where the SDN configurability can be used to provide Quality of Service (QoS) for critical network flows experiencing interference, and we achieve considerable reductions in delay and jitter in comparison to a scenario without SDN

    Leveraging upon standards to build the Internet of things

    Smart embedded objects will become an important part of what is called the Internet of Things. However, the integration of embedded devices into the Internet introduces several challenges, since many of the existing Internet technologies and protocols were not designed for this class of devices. In the past few years, there were many efforts to enable the extension of Internet technologies to constrained devices. Initially, this resulted in proprietary protocols and architectures. Later, the integration of constrained devices into the Internet was embraced by IETF, moving towards standardized IP-based protocols. Long time, most efforts were focusing on the networking layer. More recently, the IETF CoRE working group started working on an embedded counterpart of HTTP, allowing the integration of constrained devices into existing service networks. In this paper, we will briefly review the history of integrating constrained devices into the Internet, with a prime focus on the IETF standardization work in the ROLL and CoRE working groups. This is further complemented with some research results that illustrate how these novel technologies can be extended or used to tackle other problems. The research leading to these results has received funding from the European Union's Seventh Framework Programme (FP7/2007-2013) under grant agreement n°258885 (SPITFIRE project), from the iMinds ICON projects GreenWeCan and O’CareCloudS, and a VLIR PhD scholarship to Isam Ishaq

    Enabling individually entrusted routing security for open and decentralized community networks

    Routing in open and decentralized networks relies on cooperation. However, the participation of unknown nodes and node administrators pursuing heterogeneous trust and security goals is a challenge. Community-mesh networks are good examples of such environments due to their open structure, decentralized management, and ownership. As a result, existing community networks are vulnerable to various attacks and are seriously challenged by the obligation to find consensus on the trustability of participants within an increasing user size and diversity. We propose a practical and novel solution enabling a secured but decentralized trust management. This work presents the design and analysis of securely-entrusted multi-topology routing (SEMTOR), a set of routing-protocol mechanisms that enable the cryptographically secured negotiation and establishment of concurrent and individually trusted routing topologies for infrastructure-less networks without relying on any central management. The proposed mechanisms have been implemented, tested, and evaluated for their correctness and performance to exclude non-trusted nodes from the network. Respective safety and liveness properties that are guaranteed by our protocol have been identified and proven with formal reasoning. Benchmarking results, based on our implementation as part of the BMX7 routing protocol and tested on real and minimal (OpenWRT, 10 Euro) routers, qualify the behaviour, performance, and scalability of our approach, supporting networks with hundreds of nodes despite the use of strong asymmetric cryptography. Peer Reviewed. Postprint (author's final draft)