Data Confidentiality in Mobile Ad hoc Networks

Mobile ad hoc networks (MANETs) are self-configuring infrastructure-less networks comprised of mobile nodes that communicate over wireless links without any central control on a peer-to-peer basis. These individual nodes act as routers to forward both their own data and also their neighbours' data by sending and receiving packets to and from other nodes in the network. The relatively easy configuration and the quick deployment make ad hoc networks suitable the emergency situations (such as human or natural disasters) and for military units in enemy territory. Securing data dissemination between these nodes in such networks, however, is a very challenging task. Exposing such information to anyone else other than the intended nodes could cause a privacy and confidentiality breach, particularly in military scenarios. In this paper we present a novel framework to enhance the privacy and data confidentiality in mobile ad hoc networks by attaching the originator policies to the messages as they are sent between nodes. We evaluate our framework using the Network Simulator (NS-2) to check whether the privacy and confidentiality of the originator are met. For this we implemented the Policy Enforcement Points (PEPs), as NS-2 agents that manage and enforce the policies attached to packets at every node in the MANET.Comment: 12 page

Revisiting Internet Adressing: Back to the Future!

IP prefixes undermine three goals of Internet routing: accurate reflection of network-layer reachability, secure routing messages, and effective traffic control. This paper presents Atomic IP (AIP), a simple change to Internet addressing (which in fact reverts to how addressing once worked), that allows Internet routing to achieve these goals

UCIP: User controlled internet protocol

Internet protocols have developed significantly over the last 50 years but have reached a point where the further improvements in performance, resilience, security and privacy cannot be achieved by simple incremental changes. This paper proposes a new IP protocol that puts the user's end host at the centre of major algorithmic decisions. It consist of three new mechanisms: a private source routing establishment protocol that allows inter-domain traffic routes to be decided by the user and kept private from the providers whilst allowing for anonymous connections where two node can communicate without knowing the identity/address of the other end point; a mechanism to control reception of packets that mitigates denial-of-service attacks and a new directory system that puts the end user at the core of the decisions enabling anycast and mobility with a pub-sub mechanism with fine grain capabilities for describe resources. These changes allow end nodes to have a much tighter control of how they send and receive their traffic and provide a paradigm shift for the Internet ecosystem

Critical Infrastructures You Can Trust: Where Telecommunications Fits

This paper discusses two NISs: the public telephone network (PTN) and the Internet. Being themselves large and complex NISs, they not only merit study in their own right but can help us to understand some of the technical problems faced by the developers and operators of other NISs. In addition, the high cost of building a global communications infrastructure from the ground up implies that one or both of these two networks is likely to furnish communications services for most other NISs. Therefore, an understanding of the vulnerabilties of the PTN and Internet informs the assessment of the trustworthiness of other NISs. Ideas for improving the trustworthiness of the PTN and Internet are also proposed, both for the short-term (by improved use of existing technologies and procedures) and for the long-term (by identifying some areas where the state-of-the-art is inadequate and research is therefore needed). Finally, some observations are offered about Internet telephony and the use of the Internet for critical infrastructures

Survey and Analysis of Production Distributed Computing Infrastructures

This report has two objectives. First, we describe a set of the production distributed infrastructures currently available, so that the reader has a basic understanding of them. This includes explaining why each infrastructure was created and made available and how it has succeeded and failed. The set is not complete, but we believe it is representative. Second, we describe the infrastructures in terms of their use, which is a combination of how they were designed to be used and how users have found ways to use them. Applications are often designed and created with specific infrastructures in mind, with both an appreciation of the existing capabilities provided by those infrastructures and an anticipation of their future capabilities. Here, the infrastructures we discuss were often designed and created with specific applications in mind, or at least specific types of applications. The reader should understand how the interplay between the infrastructure providers and the users leads to such usages, which we call usage modalities. These usage modalities are really abstractions that exist between the infrastructures and the applications; they influence the infrastructures by representing the applications, and they influence the ap- plications by representing the infrastructures

A session-based architecture for Internet mobility

Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, February 2003.Includes bibliographical references (p. 179-189).The proliferation of mobile computing devices and wireless networking products over the past decade has led to an increasingly nomadic computing lifestyle. A computer is no longer an immobile, gargantuan machine that remains in one place for the lifetime of its operation. Today's personal computing devices are portable, and Internet access is becoming ubiquitous. A well-traveled laptop user might use half a dozen different networks throughout the course of a day: a cable modem from home, wide-area wireless on the commute, wired Ethernet at the office, a Bluetooth network in the car, and a wireless, local-area network at the airport or the neighborhood coffee shop. Mobile hosts are prone to frequent, unexpected disconnections that vary greatly in duration. Despite the prevalence of these multi-homed mobile devices, today's operating systems on both mobile hosts and fixed Internet servers lack fine-grained support for network applications on intermittently connected hosts. We argue that network communication is well-modeled by a session abstraction, and present Migrate, an architecture based on system support for a flexible session primitive. Migrate works with application-selected naming services to enable seamless, mobile "suspend/resume" operation of legacy applications and provide enhanced functionality for mobile-aware, session-based network applications, enabling adaptive operation of mobile clients and allowing Internet servers to support large numbers of intermittently connected sessions. We describe our UNIX-based implementation of Migrate and show that sessions are a flexible, robust, and efficient way to manage mobile end points, even for legacy applications.(cont.) In addition, we demonstrate two popular Internet servers that have been extended to leverage our novel notion of session continuations to enable support for large numbers of suspended clients with only minimal resource impact. Experimental results show that Migrate introduces only minor throughput degradation (less than 2% for moderate block sizes) when used over popular access link technologies, gracefully detects and suspends disconnected sessions, rapidly resumes from suspension, and integrates well with existing applications.by Mark Alexander Connell Snoeren.Ph.D

Resource management for data streaming applications

This dissertation investigates novel middleware mechanisms for building streaming applications. Developing streaming applications is a challenging task because (i) they are continuous in nature; (ii) they require fusion of data coming from multiple sources to derive higher level information; (iii) they require efficient transport of data from/to distributed sources and sinks; (iv) they need access to heterogeneous resources spanning sensor networks and high performance computing; and (v) they are time critical in nature. My thesis is that an intuitive programming abstraction will make it easier to build dynamic, distributed, and ubiquitous data streaming applications. Moreover, such an abstraction will enable an efficient allocation of shared and heterogeneous computational resources thereby making it easier for domain experts to build these applications. In support of the thesis, I present a novel programming abstraction, called DFuse, that makes it easier to develop these applications. A domain expert only needs to specify the input and output connections to fusion channels, and the fusion functions. The subsystems developed in this dissertation take care of instantiating the application, allocating resources for the application (via the scheduling heuristic developed in this dissertation) and dynamically managing the resources (via the dynamic scheduling algorithm presented in this dissertation). Through extensive performance evaluation, I demonstrate that the resources are allocated efficiently to optimize the throughput and latency constraints of an application.Ph.D.Committee Chair: Ramachandran, Umakishore; Committee Member: Chervenak, Ann; Committee Member: Cooper, Brian; Committee Member: Liu, Ling; Committee Member: Schwan, Karste