37 research outputs found

    Contributions to Wireless multi-hop networks : Quality of Services and Security concerns

    This document summarizes the research I have conducted over the past 6 years. The main subject of my contributions is the design and evaluation of solutions for wireless multi-hop networks, in particular mobile ad hoc networks (MANETs), vehicular ad hoc networks (VANETs), and wireless sensor networks (WSNs). The key question of my research is the following: "How can data transport be made efficient in terms of quality of service (QoS), energy resources, and security in wireless multi-hop networks?" To answer this question, I worked in particular on the MAC and network layers and used a cross-layer approach. Wireless multi-hop networks present several problems related to resource management and to data transport capable of supporting a large number of nodes and of ensuring a high level of quality of service and security. In MANETs, the absence of infrastructure makes it impossible to use a centralized approach to manage resource sharing, such as channel access. Unlike a WLAN (a wireless network with infrastructure), in ad hoc networks neighboring nodes become competitors and it is difficult to ensure fairness and throughput optimization. The IEEE 802.11 standard does not take fairness between nodes into account in the context of MANETs. Although this standard offers different transmission levels, it does not specify how to allocate these rates efficiently. In addition, MANETs are based on the concept of cooperation between nodes to form and manage a network. A lack of cooperation between nodes means the absence of the whole network. This is why it is essential to find solutions for non-cooperative or selfish nodes. Finally, wireless multi-hop communication can help increase radio coverage.
Border nodes must cooperate to forward the packets of neighboring nodes located outside the coverage area of the base station. In VANETs, data dissemination for safety applications is a real challenge. To ensure fast and global distribution of information, the transmission method used is broadcast. This method has several drawbacks: massive data loss due to collisions, no acknowledgment of packet reception, no control over transmission delay, and information redundancy. Moreover, safety applications transmit critical information whose reliability and authenticity must be ensured. In WSNs, limited resources (bandwidth, memory, energy, and computing capacity), together with the wireless link and mobility, make it difficult to design an efficient communication protocol. Some applications require a large amount of resources (throughput, energy, etc.) as well as security services such as data confidentiality and integrity and mutual authentication. These parameters are in opposition and reconciling them is a real challenge. Moreover, to transmit information, some applications need to know the position of nodes in the network. Localization techniques suffer from a lack of precision, particularly in closed (indoor) environments, and do not allow nodes to be located within a limited time interval. Finally, node localization is necessary to track objects, whether communicating or not. Object tracking is an energy-hungry process and requires precision. To address these challenges, we proposed and evaluated solutions, presented as follows: the set of contributions dedicated to MANETs is presented in the second chapter.
The third chapter describes the solutions developed for VANETs. Finally, the contributions related to WSNs are presented in the fourth chapter.

    Game theory for cooperation in multi-access edge computing

    Cooperative strategies amongst network players can improve network performance and spectrum utilization in future networking environments. Game Theory is very suitable for these emerging scenarios, since it models high-complex interactions among distributed decision makers. It also finds the more convenient management policies for the diverse players (e.g., content providers, cloud providers, edge providers, brokers, network providers, or users). These management policies optimize the performance of the overall network infrastructure with a fair utilization of their resources. This chapter discusses relevant theoretical models that enable cooperation amongst the players in distinct ways through, namely, pricing or reputation. In addition, the authors highlight open problems, such as the lack of proper models for dynamic and incomplete information scenarios. These upcoming scenarios are associated to computing and storage at the network edge, as well as, the deployment of large-scale IoT systems. The chapter finalizes by discussing a business model for future networks.

    Synoptic analysis techniques for intrusion detection in wireless networks

    Current system administrators are missing intrusion alerts hidden by large numbers of false positives. Rather than accumulating more data to identify true alerts, we propose an intrusion detection tool that effectively uses select data to provide a picture of "network health". Our hypothesis is that by utilizing the data available at both the node and cooperative network levels we can create a synoptic picture of the network providing indications of many intrusions or other network issues. Our major contribution is to provide a revolutionary way to analyze node and network data for patterns, dependence, and effects that indicate network issues. We collect node and network data, combine and manipulate it, and tease out information about the state of the network. We present a method based on utilizing the number of packets sent, number of packets received, node reliability, route reliability, and entropy to develop a synoptic picture of the network health in the presence of a sinkhole and a HELLO Flood attacker. This method conserves network throughput and node energy by requiring no additional control messages to be sent between the nodes unless an attacker is suspected. We intend to show that, although the concept of an intrusion detection system is not revolutionary, the method in which we analyze the data for clues about network intrusion and performance is highly innovative

    Contributions to the security of cognitive radio networks

    The increasing emergence of wireless applications along with the static spectrum allocation followed by regulatory bodies has led to a high inefficiency in spectrum usage, and the lack of spectrum for new services. In this context, Cognitive Radio (CR) technology has been proposed as a possible solution to reuse the spectrum being underutilized by licensed services. CRs are intelligent devices capable of sensing the medium and identifying those portions of the spectrum being unused. Based on their current perception of the environment and on that learned from past experiences, they can optimally tune themselves with regard to parameters such as frequency, coding and modulation, among others. Due to such properties, Cognitive Radio Networks (CRNs) can act as secondary users of the spectrum left unused by their legal owners or primary users, under the requirement of not interfering primary communications. The successful deployment of these networks relies on the proper design of mechanisms in order to efficiently detect spectrum holes, adapt to changing environment conditions and manage the available spectrum. Furthermore, the need for addressing security issues is evidenced by two facts. First, as for any other type of wireless network, the air is used as communications medium and can easily be accessed by attackers. On the other hand, the particular attributes of CRNs offer new opportunities to malicious users, ranging from providing wrong information on the radio environment to disrupting the cognitive mechanisms, which could severely undermine the operation of these networks. In this Ph.D thesis we have approached the challenge of securing Cognitive Radio Networks. Because CR technology is still evolving, to achieve this goal involves not only providing countermeasures for existing attacks but also to identify new potential threats and evaluate their impact on CRNs performance. The main contributions of this thesis can be summarized as follows. 
First, a critical study on the State of the Art in this area is presented. A qualitative analysis of those threats to CRNs already identified in the literature is provided, and the efficacy of existing countermeasures is discussed. Based on this work, a set of guidelines are designed in order to design a detection system for the main threats to CRNs. Besides, a high level description of the components of this system is provided, being it the second contribution of this thesis. The third contribution is the proposal of a new cross-layer attack to the Transmission Control Protocol (TCP) in CRNs. An analytical model of the impact of this attack on the throughput of TCP connections is derived, and a set of countermeasures in order to detect and mitigate the effect of such attack are proposed. One of the main threats to CRNs is the Primary User Emulation (PUE) attack. This attack prevents CRNs from using available portions of the spectrum and can even lead to a Denial of Service (DoS). In the fourth contribution of this thesis the method is proposed in order to deal with such attack. The method relies on a set of time measures provided by the members of the network and allows estimating the position of an emitter. This estimation is then used to determine the legitimacy of a given transmission and detect PUE attacks. Cooperative methods are prone to be disrupted by malicious nodes reporting false data. This problem is addressed, in the context of cooperative location, in the fifth and last contribution of this thesis. A method based on Least Median Squares (LMS) fitting is proposed in order to detect forged measures and make the location process robust to them. The efficiency and accuracy of the proposed methodologies are demonstrated by means of simulation

    Internet of Things security: solutions, standards and open problems (Asioiden Internetin tietoturva: ratkaisuja, standardeja ja avoimia ongelmia)

    Internet of Things (IoT) extends the Internet to our everyday objects, which enables new kind of applications and services. These IoT applications face demanding technical challenges: the number of ‘things’ or objects can be very large, they can be very constrained devices, and may need to operate on challenging and dynamic environments. However, the architecture of today’s Internet is based on many legacy protocols and technology that were not originally designed to support features like mobility or the huge and growing number of objects the Internet consists of today. Similarly, many security features of today’s Internet are additional layers built to fill up flaws in the underlying design. Fulfilling new technical requirements set by IoT applications requires efficient solutions designed for the IoT use from the ground up. Moreover, the implementation of this new IoT technology requires interoperability and integration with traditional Internet. Due to considerable technical challenges, the security is an often overlooked aspect in the emerging new IoT technology. This thesis surveys general security requirements for the entire field of IoT applications. Out of the large amount of potential applications, this thesis focuses on two major IoT application fields: wireless sensor networks and vehicular ad-hoc networks. The thesis introduces example scenarios and presents major security challenges related to these areas. The common standards related to the areas are examined in the security perspective. The thesis also examines research work beyond the area of standardization in an attempt to find solutions to unanswered security challenges. The thesis aims to give an introduction to the security challenges in the IoT world and review the state of the security research through these two major IoT areas

    Defense and traceback mechanisms in opportunistic wireless networks

     In this thesis, we have identified a novel attack in OppNets, a special type of packet dropping attack where the malicious node(s) drops one or more packets (not all the packets) and then injects new fake packets instead. We name this novel attack as the Catabolism attack and propose a novel attack detection and traceback approach against this attack referred to as the Anabolism defence. As part of the Anabolism defence approach we have proposed three techniques: time-based, Merkle tree based and Hash chain based techniques for attack detection and malicious node(s) traceback. We provide mathematical models that show our novel detection and traceback mechanisms to be very effective and detailed simulation results show our defence mechanisms to achieve a very high accuracy and detection rate

    Reputation systems and secure communication in vehicular networks

    A thorough review of the state of the art will reveal that most VANET applications rely on Public Key Infrastructure (PKI), which uses user certificates managed by a Certification Authority (CA) to handle security. By doing so, they constrain the ad-hoc nature of the VANET imposing a frequent connection to the CA to retrieve the Certificate Revocation List (CRL) and requiring some degree of roadside infrastructure to achieve that connection. Other solutions propose the usage of group signatures where users organize in groups and elect a group manager. The group manager will need to ensure that group members do not misbehave, i.e., do not spread false information, and if they do punish them, evict them from the group and report them to the CA; thus suffering from the same CRL retrieval problem. In this thesis we present a fourfold contribution to improve security in VANETs. First and foremost, Chains of Trust describes a reputation system where users disseminate Points of Interest (POIs) information over the network while their privacy remains protected. It uses asymmetric cryptography and users are responsible for the generation of their own pair of public and private keys. There is no central entity which stores the information users input into the system; instead, that information is kept distributed among the vehicles that make up the network. On top of that, this system requires no roadside infrastructure. Precisely, our main objective with Chains of Trust was to show that just by relying on people’s driving habits and the sporadic nature of their encounters with other drivers a successful reputation system could be built. The second contribution of this thesis is the application simulator poiSim. Many’s the time a new VANET application is presented and its authors back their findings using simulation results from renowned networks simulators like ns-2. 
The major issue with network simulators is that they were not designed with that purpose in mind and handling simulations with hundreds of nodes requires a massive processing power. As a result, authors run small simulations (between 50 and 100 nodes) with vehicles that move randomly in a squared area instead of using real maps, which rend unrealistic results. We show that by building tailored application simulators we can obtain more realistic results. The application simulator poiSim processes a realistic mobility trace produced by a Multi-agent Microscopic Traffic Simulator developed at ETH Zurich, which accurately describes the mobility patterns of 259,977 vehicles over regional maps of Switzerland for 24 hours. This simulation runs on a desktop PC and lasts approximately 120 minutes. In our third contribution we took Chains of Trust one step further in the protection of user privacy to develop Anonymous Chains of Trust. In this system users can temporarily exchange their identity with other users they trust, thus making it impossible for an attacker to know in all certainty who input a particular piece of information into the system. To the best of our knowledge, this is the first time this technique has been used in a reputation system. Finally, in our last contribution we explore a different form of communication for VANETs. The vast majority of VANET applications rely on the IEEE 802.11p/Wireless Access in Vehicular Environments (WAVE) standard or some other form of radio communication. This poses a security risk if we consider how vulnerable radio transmission is to intentional jamming and natural interferences: an attacker could easily block all radio communication in a certain area if his transmitter is powerful enough. Visual Light Communication (VLC), on the other hand, is resilient to jamming over a wide area because it relies on visible light to transmit information and, unlike WAVE, it has no scalability problems. 
In this thesis we show that VLC is a secure and valuable form of communication in VANETs

    Performance evaluation of cooperation strategies for m-health services and applications

    Health telematics are becoming a major improvement for patients’ lives, especially for disabled, elderly, and chronically ill people. Information and communication technologies have rapidly grown along with the mobile Internet concept of anywhere and anytime connection. In this context, Mobile Health (m-Health) proposes healthcare services delivering, overcoming geographical, temporal and even organizational barriers. Pervasive and m-Health services aim to respond several emerging problems in health services, including the increasing number of chronic diseases related to lifestyle, high costs in existing national health services, the need to empower patients and families to self-care and manage their own healthcare, and the need to provide direct access to health services, regardless the time and place. Mobile Health (m-Health) systems include the use of mobile devices and applications that interact with patients and caretakers. However, mobile devices have several constraints (such as, processor, energy, and storage resource limitations), affecting the quality of service and user experience. Architectures based on mobile devices and wireless communications presents several challenged issues and constraints, such as, battery and storage capacity, broadcast constraints, interferences, disconnections, noises, limited bandwidths, and network delays. In this sense, cooperation-based approaches are presented as a solution to solve such limitations, focusing on increasing network connectivity, communication rates, and reliability. Cooperation is an important research topic that has been growing in recent years. With the advent of wireless networks, several recent studies present cooperation mechanisms and algorithms as a solution to improve wireless networks performance. In the absence of a stable network infrastructure, mobile nodes cooperate with each other performing all networking functionalities. 
For example, it can support intermediate nodes forwarding packets between two distant nodes. This Thesis proposes a novel cooperation strategy for m-Health services and applications. This reputation-based scheme uses a Web-service to handle all the nodes reputation and networking permissions. Its main goal is to provide Internet services to mobile devices without network connectivity through cooperation with neighbor devices. Therefore resolving the above mentioned network problems and resulting in a major improvement for m-Health network architectures performances. A performance evaluation of this proposal through a real network scenario demonstrating and validating this cooperative scheme using a real m-Health application is presented. A cryptography solution for m-Health applications under cooperative environments, called DE4MHA, is also proposed and evaluated using the same real network scenario and the same m-Health application. Finally, this work proposes, a generalized cooperative application framework, called MobiCoop, that extends the incentive-based cooperative scheme for m-Health applications for all mobile applications. Its performance evaluation is also presented through a real network scenario demonstrating and validating MobiCoop using different mobile applications