Universe Detectors for Sybil Defense in Ad Hoc Wireless Networks

The Sybil attack in unknown port networks such as wireless is not considered tractable. A wireless node is not capable of independently differentiating the universe of real nodes from the universe of arbitrary non-existent fictitious nodes created by the attacker. Similar to failure detectors, we propose to use universe detectors to help nodes determine which universe is real. In this paper, we (i) define several variants of the neighborhood discovery problem under Sybil attack (ii) propose a set of matching universe detectors (iii) demonstrate the necessity of additional topological constraints for the problems to be solvable: node density and communication range; (iv) present SAND -- an algorithm that solves these problems with the help of appropriate universe detectors, this solution demonstrates that the proposed universe detectors are the weakest detectors possible for each problem

Secure Routing and Medium Access Protocols inWireless Multi-hop Networks

While the rapid proliferation of mobile devices along with the tremendous growth of various applications using wireless multi-hop networks have significantly facilitate our human life, securing and ensuring high quality services of these networks are still a primary concern. In particular, anomalous protocol operation in wireless multi-hop networks has recently received considerable attention in the research community. These relevant security issues are fundamentally different from those of wireline networks due to the special characteristics of wireless multi-hop networks, such as the limited energy resources and the lack of centralized control. These issues are extremely hard to cope with due to the absence of trust relationships between the nodes. To enhance security in wireless multi-hop networks, this dissertation addresses both MAC and routing layers misbehaviors issues, with main focuses on thwarting black hole attack in proactive routing protocols like OLSR, and greedy behavior in IEEE 802.11 MAC protocol. Our contributions are briefly summarized as follows. As for black hole attack, we analyze two types of attack scenarios: one is launched at routing layer, and the other is cross layer. We then provide comprehensive analysis on the consequences of this attack and propose effective countermeasures. As for MAC layer misbehavior, we particularly study the adaptive greedy behavior in the context of Wireless Mesh Networks (WMNs) and propose FLSAC (Fuzzy Logic based scheme to Struggle against Adaptive Cheaters) to cope with it. A new characterization of the greedy behavior in Mobile Ad Hoc Networks (MANETs) is also introduced. Finally, we design a new backoff scheme to quickly detect the greedy nodes that do not comply with IEEE 802.11 MAC protocol, together with a reaction scheme that encourages the greedy nodes to become honest rather than punishing them

Secure Routing and Medium Access Protocols inWireless Multi-hop Networks

While the rapid proliferation of mobile devices along with the tremendous growth of various applications using wireless multi-hop networks have significantly facilitate our human life, securing and ensuring high quality services of these networks are still a primary concern. In particular, anomalous protocol operation in wireless multi-hop networks has recently received considerable attention in the research community. These relevant security issues are fundamentally different from those of wireline networks due to the special characteristics of wireless multi-hop networks, such as the limited energy resources and the lack of centralized control. These issues are extremely hard to cope with due to the absence of trust relationships between the nodes. To enhance security in wireless multi-hop networks, this dissertation addresses both MAC and routing layers misbehaviors issues, with main focuses on thwarting black hole attack in proactive routing protocols like OLSR, and greedy behavior in IEEE 802.11 MAC protocol. Our contributions are briefly summarized as follows. As for black hole attack, we analyze two types of attack scenarios: one is launched at routing layer, and the other is cross layer. We then provide comprehensive analysis on the consequences of this attack and propose effective countermeasures. As for MAC layer misbehavior, we particularly study the adaptive greedy behavior in the context of Wireless Mesh Networks (WMNs) and propose FLSAC (Fuzzy Logic based scheme to Struggle against Adaptive Cheaters) to cope with it. A new characterization of the greedy behavior in Mobile Ad Hoc Networks (MANETs) is also introduced. Finally, we design a new backoff scheme to quickly detect the greedy nodes that do not comply with IEEE 802.11 MAC protocol, together with a reaction scheme that encourages the greedy nodes to become honest rather than punishing them

Smart Wireless Sensor Networks

The recent development of communication and sensor technology results in the growth of a new attractive and challenging area - wireless sensor networks (WSNs). A wireless sensor network which consists of a large number of sensor nodes is deployed in environmental fields to serve various applications. Facilitated with the ability of wireless communication and intelligent computation, these nodes become smart sensors which do not only perceive ambient physical parameters but also be able to process information, cooperate with each other and self-organize into the network. These new features assist the sensor nodes as well as the network to operate more efficiently in terms of both data acquisition and energy consumption. Special purposes of the applications require design and operation of WSNs different from conventional networks such as the internet. The network design must take into account of the objectives of specific applications. The nature of deployed environment must be considered. The limited of sensor nodes� resources such as memory, computational ability, communication bandwidth and energy source are the challenges in network design. A smart wireless sensor network must be able to deal with these constraints as well as to guarantee the connectivity, coverage, reliability and security of network's operation for a maximized lifetime. This book discusses various aspects of designing such smart wireless sensor networks. Main topics includes: design methodologies, network protocols and algorithms, quality of service management, coverage optimization, time synchronization and security techniques for sensor networks

Autenticación de contenidos y control de acceso en redes peer-to-peer puras

Esta tesis doctoral se enmarca dentro del área de investigación de la seguridad en entornos Peer-to-Peer (P2P) totalmente descentralizados (también denominados puros.) En particular, el objetivo principal de esta tesis doctoral es definir, analizar e implementar un esquema para la distribución segura de los contenidos compartidos. En este trabajo de tesis se han realizado importantes avances e innovadoras aportaciones enfocadas a garantizar que el contenido compartido es auténtico; es decir, que no ha sido alterado, incluso tratándose de una réplica del original. Además, se propone un mecanismo de control de acceso orientado a proporcionar servicios de autorización en un entorno que no cuenta con una jerarquía de autoridades de certificación. A continuación, se resume la metodología seguida, las principales aportaciones de esta tesis y, finalmente, se muestran las conclusiones más importantes. __________________________________________The study and analysis of the state-of-the-art on security in Peer-to-Peer (P2P) networks gives us many important insights regarding the lack of practical security mechanisms in such fully decentralized and highly dynamic networks. The major problems range from the absence of content authentication mechanisms, which address and assure the authenticity and integrity of the resources shared by networking nodes, to access control proposals, which provide authorization services. In particular, the combination of both, authentication and access control, within well-known P2P file sharing systems may involve several advances in the content replication and distribution processes. The aim of this thesis is to define, develop and evaluate a secure P2P content distribution scheme for file sharing scenarios. The proposal will be based on the use of digital certificates, similar to those used in the provision of public key authenticity. To carry out this proposal in such an environment, which does not count on a hierarchy of certification authorities, we will explore the application of non-conventional techniques, such as Byzantine agreement protocols and schemes based on “proof-of-work.” We then propose a content authentication protocol for pure P2P file sharing systems. Under certain restrictions, our scheme provides guarantees that a content is authentic, i.e. it has not been altered, even if it is a replica of the original and the source has lost control over it. Moreover, we extend our initial work by showing how digital certificates can be modified to provide authorization capabilities for self-organizing peers. The entire scheme is first theoretically analyzed, and also implemented in C and Java in order to evaluate its performance. This document is presented as Ph.D. Thesis within the 2007–08 Ph.D. in Computer Science Program at Carlos III University of Madrid

A reputation framework for behavioural history: developing and sharing reputations from behavioural history of network clients

The open architecture of the Internet has enabled its massive growth and success by facilitating easy connectivity between hosts. At the same time, the Internet has also opened itself up to abuse, e.g. arising out of unsolicited communication, both intentional and unintentional. It remains an open question as to how best servers should protect themselves from malicious clients whilst offering good service to innocent clients. There has been research on behavioural profiling and reputation of clients, mostly at the network level and also for email as an application, to detect malicious clients. However, this area continues to pose open research challenges. This thesis is motivated by the need for a generalised framework capable of aiding efficient detection of malicious clients while being able to reward clients with behaviour profiles conforming to the acceptable use and other relevant policies. The main contribution of this thesis is a novel, generalised, context-aware, policy independent, privacy preserving framework for developing and sharing client reputation based on behavioural history. The framework, augmenting existing protocols, allows fitting in of policies at various stages, thus keeping itself open and flexible to implementation. Locally recorded behavioural history of clients with known identities are translated to client reputations, which are then shared globally. The reputations enable privacy for clients by not exposing the details of their behaviour during interactions with the servers. The local and globally shared reputations facilitate servers in selecting service levels, including restricting access to malicious clients. We present results and analyses of simulations, with synthetic data and some proposed example policies, of client-server interactions and of attacks on our model. Suggestions presented for possible future extensions are drawn from our experiences with simulation

Security and Privacy for Modern Wireless Communication Systems

The aim of this reprint focuses on the latest protocol research, software/hardware development and implementation, and system architecture design in addressing emerging security and privacy issues for modern wireless communication networks. Relevant topics include, but are not limited to, the following: deep-learning-based security and privacy design; covert communications; information-theoretical foundations for advanced security and privacy techniques; lightweight cryptography for power constrained networks; physical layer key generation; prototypes and testbeds for security and privacy solutions; encryption and decryption algorithm for low-latency constrained networks; security protocols for modern wireless communication networks; network intrusion detection; physical layer design with security consideration; anonymity in data transmission; vulnerabilities in security and privacy in modern wireless communication networks; challenges of security and privacy in node–edge–cloud computation; security and privacy design for low-power wide-area IoT networks; security and privacy design for vehicle networks; security and privacy design for underwater communications networks

Mobile Ad-Hoc Networks

Being infrastructure-less and without central administration control, wireless ad-hoc networking is playing a more and more important role in extending the coverage of traditional wireless infrastructure (cellular networks, wireless LAN, etc). This book includes state-of the-art techniques and solutions for wireless ad-hoc networks. It focuses on the following topics in ad-hoc networks: vehicular ad-hoc networks, security and caching, TCP in ad-hoc networks and emerging applications. It is targeted to provide network engineers and researchers with design guidelines for large scale wireless ad hoc networks

Protocolos tolerantes a faltas bizantinas para sistemas distribuídos dinâmicos

Tese (doutorado) - Universidade Federal de Santa Catarina, Centro Tecnológico, Programa de Pós-Graduação em Engenharia de Automação e Sistemas, Florianópolis, 2011As novas tecnologias de comunicação e a maior disponibilidade de recursos em redes de comunicação vêm provocando profundas mudanças na forma de se projetar aplicações distribuídas. Estas mudanças possibilitaram o surgimento dos sistemas distribuídos dinâmicos, que se caracterizam por serem sistemas onde os componentes podem entrar e sair do mesmo em qualquer momento. Sendo assim, os protocolos desenvolvidos para estes sistemas devem detectar e tratar mudanças que ocorrem na composição da aplicação distribuída, permitindo sua reconfiguração em tempo de execução. Desta forma, os participantes destas aplicações são caracterizados principalmente pela heterogeneidade e não confiabilidade. No desenvolvimento de aplicações distribuídas seguras e confiáveis, vários problemas são identificados como peças fundamentais por formarem a base para a maioria das soluções empregadas nestas aplicações. Neste sentido, surge a necessidade do desenvolvimento de protocolos que resolvem estes problemas em sistemas distribuídos dinâmicos. Como os participantes destas computações não são confiáveis, torna-se essencial que estes protocolos suportem os atributos de segurança de funcionamento. Esta tese apresenta estudos e protocolos para a solução dos principais destes problemas fundamentais em sistemas distribuídos dinâmicos, os quais são: o problema do consenso, sistemas de quóruns e replicação Máquina de Estados. O problema do consenso é estudado em redes desconhecidas, onde são definidas as condições necessárias e suficientes para resolver o consenso. Estas condições especificam o grau de conhecimento sobre a composição do sistema dinâmico que deve ser obtido pelos participantes e o nível de sincronia que deve ser observado no mesmo. A segunda contribuição desta tese é formada principalmente por um conjunto de protocolos para reconfiguração de sistemas de quóruns, os quais podem ser divididos em: (1) algoritmos para inicialização da reconfiguração; (2) algoritmos para geração de novas visões do sistema; e (3) algoritmos para instalação das visões atualizadas. Várias combinações destes algoritmos são possíveis, resultando em um sistema com diferentes características e garantias. Estes protocolos são completamente desacoplados dos protocolos de leitura e escrita no registrador, facilitanto a integração dos mesmos com os mais variados sistemas de quóruns encontrados na literatura, além de aumentar o desempenho do sistema. A última grande contribuição desta tese refere-se à adição de suporte à reconfiguração em replicação Máquina de Estados. Nestas reconfigurações, tanto o conjunto de participantes do sistema quanto parâmetros da replicação podem ser alterados, resultando em um sistema bastante robusto e flexível. Todas as soluções propostas nesta tese suportam a presença de participantes maliciosos no sistema e fornecem protocolos que incorporam os atributos de confiabilidade, disponibilidade e integridade para suas aplicaçõe