Reputation-Based Internet Protocol Security: A Multilayer Security Framework for Mobil Ad Hoc Networks

This research effort examines the theory, application, and results for a Reputation-based Internet Protocol Security (RIPSec) framework that provides security for an ad-hoc network operating in a hostile environment. In RIPSec, protection from external threats is provided in the form of encrypted communication links and encryption-wrapped nodes while internal threats are mitigated by behavior grading that assigns reputations to nodes based on their demonstrated participation in the routing process. Network availability is provided by behavior grading and round-robin multipath routing. If a node behaves faithfully, it earns a positive reputation over time. If a node misbehaves (for any number of reasons, not necessarily intentional), it earns a negative reputation. Each member of the MANET has its own unique and subjective set of Reputation Indexes (RI) that enumerates the perceived reputation of the other MANET nodes. Nodes that desire to send data will eliminate relay nodes they perceive to have a negative reputation during the formulation of a route. A 50-node MANET is simulated with streaming multimedia and varying levels of misbehavior to determine the impact of the framework on network performance. Results of this research were very favorable. Analysis of the simulation data shows the number of routing errors sent in a MANET is reduced by an average of 52% when using RIPSec. The network load is also reduced, decreasing the overall traffic introduced into the MANET and permitting individual nodes to perform more work without overtaxing their limited resources. Finally, throughput is decreased due to larger packet sizes and longer round trips for packets to traverse the MANET, but is still sufficient to pass traffic with high bandwidth requirements (i.e., video and imagery) that is of interest in military networks

Network tomography application in mobile ad-hoc networks.

The memorability of mobile ad-hoc network (MANET) is the precondition of its management, performance optimization and network resources re-allocations. The traditional network interior measurement technique performs measurement on the nodes or links directly, and obtains the node or link performance through analyzing the measurement sample, which usually is used in the wired networks measurement based on the solid infrastructure. However, MANET is an infrastructure-free, multihop, and self-organized temporary network, comprised of a group of mobile nodes with wireless communication devices. Not only does its topology structure vary with time, but also the communication protocol used in its network layer or data link layer is diverse and non-standard. Specially, with the limitation of node energy and wireless bandwidth, the traditional interior network measurement technique is not suited for the measurement requirement of MANET. In order to solve the problem of interior links performance (such as packet loss rate and delay) measurement in MANET, this dissertation has adopted an external measurement based on network tomography (NT). Being a new measurement technology, NT collects the sample of path performance based on end-to-end measurement to infer the probability distribution of the network logical links performance parameters by using mathematical statistics theory, which neither need any cooperation from internal network, nor dependence from communication protocols, and has the merit of being deployed exibly. Thus from our literature review it can be concluded that Network Tomography technique is adaptable for ad-hoc network measurement. We have the following contribution in the eld of ad-hoc network performance: PLE Algorithm: We developed the PLE algorithm based on EM model, which statistically infer the link performance. Stitching Algorithm: Stitching algorithm is based on the isomorphic properties of a directed graph. The proposed algorithm concatenates the links, which are common over various steady state period and carry forward the ones, which are not. Hence in the process it gives the network performance analysis of the entire network over the observation period. EM routing: EM routing is based on the statistical inference calculated by our PLE algorithm. EM routing provides multiple performance metric such as link delay and hops of all the possible path in various time period in a wireless mesh network

Network-centric automated planning and execution

Web services provide interoperability to network hosts with different capabilities. Complex tasks can be performed by composing services, assuming sufficient service descriptions are provided. Researchers are just beginning to realize the importance of accounting for network properties during automated service composition. The work presented in this thesis considers dynamic, heterogeneous networks—one type of network-centric environment.The purpose of this research is to improve network-centric service composition. This is accomplished by converting the service composition problem to an automated planning under uncertainty problem and by reasoning about network properties at various stages of the planning process. This thesis presents a method of improving the agents’ ability to construct, execute, and monitor plans in network-centric environments.There are two main contributions of this thesis: 1) generating qualitatively-different plans and 2) creating network-aware agents. As part of the former contribution, this thesis presents a comparison of methods used to create classical planning domains for distributed service composition problems. The other part of this contribution is an algorithm for guiding a plan-space planner to create qualitatively-different plans based on domain-dependent and network-centric plan evaluations. The second contribution pertains to network-awareness, which agents exhibit by reacting to changes in network conditions. This thesis describes methods of incorporating network-awareness into agents that 1) create plans, 2) execute plans, and 3) monitor plan execution.Experiments to validate the aforementioned contributions are presented in the context of an Improvised Explosive Device (IED) detection scenario. Several locations are monitored for IEDs using a variety of techniques including manual searching and visual change detection, as well as a variety of resources including humans, robots, and unmanned aerial vehicles (UAVs). Empirical results indicate that incorporating network-awareness into agents in dynamic, heterogeneous networks improves the overall service composition performance and effectiveness.M.S., Computer Science -- Drexel University, 200

Supporting Collaboration in Mobile Environments

Continued rapid improvements in the hardware capabilities of mobile computing devices is driving a parallel need for a paradigm shift in software design for such devices with the aim of ushering in new classes of software applications for devices of the future. One such class of software application is collaborative applications that seem to reduce the burden and overhead of collaborations on human users by providing automated computational support for the more mundane and mechanical aspects of a cooperative effort. This dissertation addresses the research and software engineering questions associated with building a workflow-based collaboration system that can operate across mobile ad hoc networks, the most dynamic type of mobile networks that can function without dependence on any fixed external resources. While workflow management systems have been implemented for stable wired networks, the transition to a mobile network required the development of a knowledge management system for improving the predictability of the network topology, a mobility-aware specification language to specify workflows, and its accompanying algorithms that help automate key pieces of the software. In addition to details of the formulation, design, and implementation of the various algorithms and software components. this dissertation also describes the construction of a custom mobile workflow simulator that can be used to conduct simulation experiments that verify the effectiveness of the approaches presented in this document and beyond. Also presented are empirical results obtained using this simulator that show the effectiveness of the described approaches

LVMM: The Localized Vehicular Multicast Middleware - a Framework for Ad Hoc Inter-Vehicles Multicast Communications

This thesis defines a novel semantic for multicast in vehicular ad hoc networks (VANETs) and it defines a middleware, the Localized Vehicular Multicast Middleware (LVMM) that enables minimum cost, source-based multicast communications in VANETs. The middleware provides support to find vehicles suitable to sustain multicast communications, to maintain multicast groups, and to execute a multicast routing protocol, the Vehicular Multicast Routing Protocol (VMRP), that delivers messages of multicast applications to all the recipients utilizing a loop-free, minimum cost path from each source to all the recipients. LVMM does not require a vehicle to know all other members: only knowledge of directly reachable nodes is required to perform the source-based routing

A Framework to Quantify Network Resilience and Survivability

The significance of resilient communication networks in the modern society is well established. Resilience and survivability mechanisms in current networks are limited and domain specific. Subsequently, the evaluation methods are either qualitative assessments or context-specific metrics. There is a need for rigorous quantitative evaluation of network resilience. We propose a service oriented framework to characterize resilience of networks to a number of faults and challenges at any abstraction level. This dissertation presents methods to quantify the operational state and the expected service of the network using functional metrics. We formalize resilience as transitions of the network state in a two-dimensional state space quantifying network characteristics, from which network service performance parameters can be derived. One dimension represents the network as normally operating, partially degraded, or severely degraded. The other dimension represents network service as acceptable, impaired, or unacceptable. Our goal is to initially understand how to characterize network resilience, and ultimately how to guide network design and engineering toward increased resilience. We apply the proposed framework to evaluate the resilience of the various topologies and routing protocols. Furthermore, we present several mechanisms to improve the resilience of the networks to various challenges

Forewarding in Mobile Opportunistic Networks

Recent advances in processor speeds, mobile communications and battery life have enabled computers to evolve from completely wired to completely mobile. In the most extreme case, all nodes are mobile and communication takes place at available opportunities – using both traditional communication infrastructure as well as the mobility of intermediate nodes. These are mobile opportunistic networks. Data communication in such networks is a difficult problem, because of the dynamic underlying topology, the scarcity of network resources and the lack of global information. Establishing end-to-end routes in such networks is usually not feasible. Instead a store-and-carry forwarding paradigm is better suited for such networks. This dissertation describes and analyzes algorithms for forwarding of messages in such networks. In order to design effective forwarding algorithms for mobile opportunistic networks, we start by first building an understanding of the set of all paths between nodes, which represent the available opportunities for any forwarding algorithm. Relying on real measurements, we enumerate paths between nodes and uncover what we refer to as the path explosion effect. The term path explosion refers to the fact that the number of paths between a randomly selected pair of nodes increases exponentially with time. We draw from the theory of epidemics to model and explain the path explosion effect. This is the first contribution of the thesis, and is a key observation that underlies subsequent results. Our second contribution is the study of forwarding algorithms. For this, we rely on trace driven simulations of different algorithms that span a range of design dimensions. We compare the performance (success rate and average delay) of these algorithms. We make the surprising observation that most algorithms we consider have roughly similar performance. We explain this result in light of the path explosion phenomenon. While the performance of most algorithms we studied was roughly the same, these algorithms differed in terms of cost. This prompted us to focus on designing algorithms with the explicit intent of reducing costs. For this, we cast the problem of forwarding as an optimal stopping problem. Our third main contribution is the design of strategies based on optimal stopping principles which we refer to as Delegation schemes. Our analysis shows that using a delegation scheme reduces cost over naive forwarding by a factor of O(√N), where N is the number of nodes in the network. We further validate this result on real traces, where the cost reduction observed is even greater. Our results so far include a key assumption, which is unbounded buffers on nodes. Next, we relax this assumption, so that the problem shifts to one of prioritization of messages for transmission and dropping. Our fourth contribution is the study of message prioritization schemes, combined with forwarding. Our main result is that one achieves higher performance by assigning higher priorities to young messages in the network. We again interpret this result in light of the path explosion effect.Thomson Research, Paris; National Science Foundation (CCR-0325701, ANI-0322990); HAGGLE FET Project; Erramilli family

Design and evaluation of wireless dense networks : application to in-flight entertainment systems

Le réseau sans fil est l'un des domaines de réseautage les plus prometteurs avec des caractéristiques uniques qui peuvent fournir la connectivité dans les situations où il est difficile d'utiliser un réseau filaire, ou lorsque la mobilité des nœuds est nécessaire. Cependant, le milieu de travail impose généralement diverses contraintes, où les appareils sans fil font face à différents défis lors du partage des moyens de communication. De plus, le problème s'aggrave avec l'augmentation du nombre de nœuds. Différentes solutions ont été introduites pour faire face aux réseaux très denses. D'autre part, un nœud avec une densité très faible peut créer un problème de connectivité et peut conduire à l'optension de nœuds isolés et non connectes au réseau. La densité d'un réseau est définit en fonction du nombre de nœuds voisins directs au sein de la portée de transmission du nœud. Cependant, nous croyons que ces métriques ne sont pas suffisants et nous proposons une nouvelle mesure qui considère le nombre de voisins directs et la performance du réseau. Ainsi, la réponse du réseau, respectant l'augmentation du nombre de nœuds, est considérée lors du choix du niveau de la densité. Nous avons défini deux termes: l'auto-organisation et l'auto-configuration, qui sont généralement utilisés de façon interchangeable dans la littérature en mettant en relief la différence entre eux. Nous estimons qu'une définition claire de la terminologie peut éliminer beaucoup d'ambiguïté et aider à présenter les concepts de recherche plus clairement. Certaines applications, telles que Ies systèmes "In-Flight Entertainment (IFE)" qui se trouvent à l'intérieur des cabines d'avions, peuveut être considérées comme des systèmes sans fil de haute densité, même si peu de nœuds sont relativement présents. Pour résoudre ce problème, nous proposons une architecture hétérogène de différentes technologies à fin de surmonter les contraintes spécifiques de l'intérieur de la cabine. Chaque technologie vise à résoudre une partie du problème. Nous avons réalisé diverses expérimentations et simulations pour montrer la faisabilité de l'architecture proposée. Nous avons introduit un nouveau protocole d'auto-organisation qui utilise des antennes intelligentes pour aider certains composants du système IFE; à savoir les unités d'affichage et leurs systèmes de commande, à s'identifier les uns les autres sans aucune configuration préliminaire. Le protocole a été conçu et vérifié en utilisant le langage UML, puis, un module de NS2 a été créé pour tester les différents scénarios.Wireless networking is one of the most challenging networking domains with unique features that can provide connectivity in situations where it is difficult to use wired networking, or when ! node mobility is required. However, the working environment us! ually im poses various constrains, where wireless devices face various challenges when sharing the communication media. Furthermore, the problem becomes worse when the number of nodes increase. Different solutions were introduced to cope with highly dense networks. On the other hand, a very low density can create a poor connectivity problem and may lead to have isolated nodes with no connection to the network. It is common to define network density according to the number of direct neighboring nodes within the node transmission range. However, we believe that such metric is not enough. Thus, we propose a new metric that encompasses the number of direct neighbors and the network performance. In this way, the network response, due to the increasing number of nodes, is considered when deciding the density level. Moreover, we defined two terms, self-organization and self-configuration, which are usually used interchangeably in the literature through highlighting the difference ! between them. We believe that having a clear definition for terminology can eliminate a lot of ambiguity and help to present the research concepts more clearly. Some applications, such as In-Flight Entertainment (IFE) systems inside the aircraft cabin, can be considered as wirelessly high dense even if relatively few nodes are present. To solve this problem, we propose a heterogeneous architecture of different technologies to overcome the inherited constrains inside the cabin. Each technology aims at solving a part of the problem. We held various experimentation and simulations to show the feasibility of the proposed architecture