An Energy Aware and Secure MAC Protocol for Tackling Denial of Sleep Attacks in Wireless Sensor Networks

Wireless sensor networks which form part of the core for the Internet of Things consist of resource constrained sensors that are usually powered by batteries. Therefore, careful energy awareness is essential when working with these devices. Indeed,the introduction of security techniques such as authentication and encryption, to ensure confidentiality and integrity of data, can place higher energy load on the sensors. However, the absence of security protection c ould give room for energy drain attacks such as denial of sleep attacks which have a higher negative impact on the life span ( of the sensors than the presence of security features. This thesis, therefore, focuses on tackling denial of sleep attacks from two perspectives A security perspective and an energy efficiency perspective. The security perspective involves evaluating and ranking a number of security based techniques to curbing denial of sleep attacks. The energy efficiency perspective, on the other hand, involves exploring duty cycling and simulating three Media Access Control ( protocols Sensor MAC, Timeout MAC andTunableMAC under different network sizes and measuring different parameters such as the Received Signal Strength RSSI) and Link Quality Indicator ( Transmit power, throughput and energy efficiency Duty cycling happens to be one of the major techniques for conserving energy in wireless sensor networks and this research aims to answer questions with regards to the effect of duty cycles on the energy efficiency as well as the throughput of three duty cycle protocols Sensor MAC ( Timeout MAC ( and TunableMAC in addition to creating a novel MAC protocol that is also more resilient to denial of sleep a ttacks than existing protocols. The main contributions to knowledge from this thesis are the developed framework used for evaluation of existing denial of sleep attack solutions and the algorithms which fuel the other contribution to knowledge a newly developed protocol tested on the Castalia Simulator on the OMNET++ platform. The new protocol has been compared with existing protocols and has been found to have significant improvement in energy efficiency and also better resilience to denial of sleep at tacks Part of this research has been published Two conference publications in IEEE Explore and one workshop paper

A Survey on Layer-Wise Security Attacks in IoT: Attacks, Countermeasures, and Open-Issues

© 2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).Security is a mandatory issue in any network, where sensitive data are transferred safely in the required direction. Wireless sensor networks (WSNs) are the networks formed in hostile areas for different applications. Whatever the application, the WSNs must gather a large amount of sensitive data and send them to an authorized body, generally a sink. WSN has integrated with Internet-of-Things (IoT) via internet access in sensor nodes along with internet-connected devices. The data gathered with IoT are enormous, which are eventually collected by WSN over the Internet. Due to several resource constraints, it is challenging to design a secure sensor network, and for a secure IoT it is essential to have a secure WSN. Most of the traditional security techniques do not work well for WSN. The merger of IoT and WSN has opened new challenges in designing a secure network. In this paper, we have discussed the challenges of creating a secure WSN. This research reviews the layer-wise security protocols for WSN and IoT in the literature. There are several issues and challenges for a secure WSN and IoT, which we have addressed in this research. This research pinpoints the new research opportunities in the security issues of both WSN and IoT. This survey climaxes in abstruse psychoanalysis of the network layer attacks. Finally, various attacks on the network using Cooja, a simulator of ContikiOS, are simulated.Peer reviewe

Anomaly detection in smart city wireless sensor networks

Aquesta tesi proposa una plataforma de detecció d’intrusions per a revelar atacs a les xarxes de sensors sense fils (WSN, per les sigles en anglès) de les ciutats intel·ligents (smart cities). La plataforma està dissenyada tenint en compte les necessitats dels administradors de la ciutat intel·ligent, els quals necessiten accés a una arquitectura centralitzada que pugui gestionar alarmes de seguretat en un sistema altament heterogeni i distribuït. En aquesta tesi s’identifiquen els diversos passos necessaris des de la recollida de dades fins a l’execució de les tècniques de detecció d’intrusions i s’avalua que el procés sigui escalable i capaç de gestionar dades típiques de ciutats intel·ligents. A més, es comparen diversos algorismes de detecció d’anomalies i s’observa que els mètodes de vectors de suport d’una mateixa classe (one-class support vector machines) resulten la tècnica multivariant més adequada per a descobrir atacs tenint en compte les necessitats d’aquest context. Finalment, es proposa un esquema per a ajudar els administradors a identificar els tipus d’atacs rebuts a partir de les alarmes disparades.Esta tesis propone una plataforma de detección de intrusiones para revelar ataques en las redes de sensores inalámbricas (WSN, por las siglas en inglés) de las ciudades inteligentes (smart cities). La plataforma está diseñada teniendo en cuenta la necesidad de los administradores de la ciudad inteligente, los cuales necesitan acceso a una arquitectura centralizada que pueda gestionar alarmas de seguridad en un sistema altamente heterogéneo y distribuido. En esta tesis se identifican los varios pasos necesarios desde la recolección de datos hasta la ejecución de las técnicas de detección de intrusiones y se evalúa que el proceso sea escalable y capaz de gestionar datos típicos de ciudades inteligentes. Además, se comparan varios algoritmos de detección de anomalías y se observa que las máquinas de vectores de soporte de una misma clase (one-class support vector machines) resultan la técnica multivariante más adecuada para descubrir ataques teniendo en cuenta las necesidades de este contexto. Finalmente, se propone un esquema para ayudar a los administradores a identificar los tipos de ataques recibidos a partir de las alarmas disparadas.This thesis proposes an intrusion detection platform which reveals attacks in smart city wireless sensor networks (WSN). The platform is designed taking into account the needs of smart city administrators, who need access to a centralized architecture that can manage security alarms in a highly heterogeneous and distributed system. In this thesis, we identify the various necessary steps from gathering WSN data to running the detection techniques and we evaluate whether the procedure is scalable and capable of handling typical smart city data. Moreover, we compare several anomaly detection algorithms and we observe that one-class support vector machines constitute the most suitable multivariate technique to reveal attacks, taking into account the requirements in this context. Finally, we propose a classification schema to assist administrators in identifying the types of attacks compromising their networks

Vehicular Dynamic Spectrum Access: Using Cognitive Radio for Automobile Networks

Vehicular Dynamic Spectrum Access (VDSA) combines the advantages of dynamic spectrum access to achieve higher spectrum efficiency and the special mobility pattern of vehicle fleets. This dissertation presents several noval contributions with respect to vehicular communications, especially vehicle-to-vehicle communications. Starting from a system engineering aspect, this dissertation will present several promising future directions for vehicle communications, taking into consideration both the theoretical and practical aspects of wireless communication deployment. This dissertation starts with presenting a feasibility analysis using queueing theory to model and estimate the performance of VDSA within a TV whitespace environment. The analytical tool uses spectrum measurement data and vehicle density to find upper bounds of several performance metrics for a VDSA scenario in TVWS. Then, a framework for optimizing VDSA via artificial intelligence and learning, as well as simulation testbeds that reflect realistic spectrum sharing scenarios between vehicle networks and heterogeneous wireless networks including wireless local area networks and wireless regional area networks. Detailed experimental results justify the testbed for emulating a mobile dynamic spectrum access environment composed of heterogeneous networks with four dimensional mutual interference. Vehicular cooperative communication is the other proposed technique that combines the cooperative communication technology and vehicle platooning, an emerging concept that is expected to both increase highway utilization and enhance both driver experience and safety. This dissertation will focus on the coexistence of multiple vehicle groups in shared spectrum, where intra-group cooperation and inter-group competition are investigated in the aspect of channel access. Finally, a testbed implementation VDSA is presented and a few applications are developed within a VDSA environment, demonstrating the feasibility and benefits of some features in a future transportation system

A survey of evaluation platforms for ad hoc routing protocols: a resilience perspective

Routing protocols allow for the spontaneous formation of wireless multi-hop networks without dedicated infrastructure, also known as ad hoc networks. Despite significant technological advances, difficulties associated with the evaluation of ad hoc routing protocols under realistic conditions, still hamper their maturation and significant roll out in real world deployments. In particular, the resilience evaluation of ad hoc routing protocols is essential to determine their ability of keeping the routing service working despite the presence of changes, such as accidental faults or malicious ones (attacks). However, the resilience dimension is not always addressed by the evaluation platforms that are in charge of assessing these routing protocols. In this paper, we provide a survey covering current state-of-the-art evaluation platforms in the domain of ad hoc routing protocols paying special attention to the resilience dimension. The goal is threefold. First, we identify the most representative evaluation platforms and the routing protocols they have evaluated. Then, we analyse the experimental methodologies followed by such evaluation platforms. Finally, we create a taxonomy to characterise experimental properties of such evaluation platforms.This work is partially supported by the Spanish Project ARENES (TIN2012-38308-C02-01), the ANR French Project AMORES (ANR-11-INSE-010), and the Intel Doctoral Student Honour Programme 2012.Friginal López, J.; Andrés Martínez, DD.; Ruiz García, JC.; Martínez Raga, M. (2014). A survey of evaluation platforms for ad hoc routing protocols: a resilience perspective. Computer Networks. 75(A):395-413. https://doi.org/10.1016/j.comnet.2014.09.010S39541375

Integrated satellite-terrestrial connectivity for autonomous ships:Survey and future research directions

An autonomous vessel uses multiple different radio technologies such as satellites, mobile networks and dedicated narrowband systems, to connect to other ships, services, and the remote operations center (ROC). In-ship communication is mainly implemented with wired technologies but also wireless links can be used. In this survey paper, we provide a short overview of autonomous and remote-controlled systems. This paper reviews 5G-related standardization in the maritime domain, covering main use cases and both the role of autonomous ships and that of people onboard. We discuss the concept of a connectivity manager, an intelligent entity that manages complex set of technologies, integrating satellite and terrestrial technologies together, ensuring robust in-ship connections and ship-to-outside connections in any environment. This survey paper describes the architecture and functionalities of connectivity management required for an autonomous ship to be able to operate globally. As a specific case example, we have implemented a research environment consisting of ship simulators with connectivity components. Our simulation results on the effects of delays to collision avoidance confirm the role of reliable connectivity for safety. Finally, we outline future research directions for autonomous ship connectivity research, providing ideas for further work

Secure Routing and Medium Access Protocols inWireless Multi-hop Networks

While the rapid proliferation of mobile devices along with the tremendous growth of various applications using wireless multi-hop networks have significantly facilitate our human life, securing and ensuring high quality services of these networks are still a primary concern. In particular, anomalous protocol operation in wireless multi-hop networks has recently received considerable attention in the research community. These relevant security issues are fundamentally different from those of wireline networks due to the special characteristics of wireless multi-hop networks, such as the limited energy resources and the lack of centralized control. These issues are extremely hard to cope with due to the absence of trust relationships between the nodes. To enhance security in wireless multi-hop networks, this dissertation addresses both MAC and routing layers misbehaviors issues, with main focuses on thwarting black hole attack in proactive routing protocols like OLSR, and greedy behavior in IEEE 802.11 MAC protocol. Our contributions are briefly summarized as follows. As for black hole attack, we analyze two types of attack scenarios: one is launched at routing layer, and the other is cross layer. We then provide comprehensive analysis on the consequences of this attack and propose effective countermeasures. As for MAC layer misbehavior, we particularly study the adaptive greedy behavior in the context of Wireless Mesh Networks (WMNs) and propose FLSAC (Fuzzy Logic based scheme to Struggle against Adaptive Cheaters) to cope with it. A new characterization of the greedy behavior in Mobile Ad Hoc Networks (MANETs) is also introduced. Finally, we design a new backoff scheme to quickly detect the greedy nodes that do not comply with IEEE 802.11 MAC protocol, together with a reaction scheme that encourages the greedy nodes to become honest rather than punishing them

Secure Routing and Medium Access Protocols inWireless Multi-hop Networks

While the rapid proliferation of mobile devices along with the tremendous growth of various applications using wireless multi-hop networks have significantly facilitate our human life, securing and ensuring high quality services of these networks are still a primary concern. In particular, anomalous protocol operation in wireless multi-hop networks has recently received considerable attention in the research community. These relevant security issues are fundamentally different from those of wireline networks due to the special characteristics of wireless multi-hop networks, such as the limited energy resources and the lack of centralized control. These issues are extremely hard to cope with due to the absence of trust relationships between the nodes. To enhance security in wireless multi-hop networks, this dissertation addresses both MAC and routing layers misbehaviors issues, with main focuses on thwarting black hole attack in proactive routing protocols like OLSR, and greedy behavior in IEEE 802.11 MAC protocol. Our contributions are briefly summarized as follows. As for black hole attack, we analyze two types of attack scenarios: one is launched at routing layer, and the other is cross layer. We then provide comprehensive analysis on the consequences of this attack and propose effective countermeasures. As for MAC layer misbehavior, we particularly study the adaptive greedy behavior in the context of Wireless Mesh Networks (WMNs) and propose FLSAC (Fuzzy Logic based scheme to Struggle against Adaptive Cheaters) to cope with it. A new characterization of the greedy behavior in Mobile Ad Hoc Networks (MANETs) is also introduced. Finally, we design a new backoff scheme to quickly detect the greedy nodes that do not comply with IEEE 802.11 MAC protocol, together with a reaction scheme that encourages the greedy nodes to become honest rather than punishing them

Cascading attacks in Wi-Fi networks: demonstration and counter-measures

Wi-Fi (IEEE 802.11) is currently one of the primary media to access the Internet. Guaranteeing the availability of Wi-Fi networks is essential to numerous online activities, such as e-commerce, video streaming, and IoT services. Attacks on availability are generally referred to as Denial-of-Service (DoS) attacks. While there exists signif- icant literature on DoS attacks against Wi-Fi networks, most of the existing attacks are localized in nature, i.e., the attacker must be in the vicinity of the victim. The purpose of this dissertation is to investigate the feasibility of mounting global DoS attacks on Wi-Fi networks and develop effective counter-measures. First, the dissertation unveils the existence of a vulnerability at the MAC layer of Wi-Fi, which allows an adversary to remotely launch a Denial-of-Service (DoS) attack that propagates both in time and space. This vulnerability stems from a coupling effect induced by hidden nodes. Cascading DoS attacks can congest an entire network and do not require the adversary to violate any protocol. The dissertation demonstrates the feasibility of such attacks through experiments with real Wi-Fi cards, extensive ns-3 simulations, and theoretical analysis. The simulations show the attack is effective both in networks operating under fixed and varying bit rates, as well as ad hoc and infrastructure modes. To gain insight into the root-causes of the attack, the network is modeled as a dynamical system and its limiting behavior is analyzed. The model predicts that a phase transition (and hence a cascading attack) is possible when the retry limit parameter of Wi-Fi is greater or equal to 7. Next, the dissertation identifies a vulnerability at the physical layer of Wi-Fi that allows an adversary to launch cascading attacks with weak interferers. This vulnerability is induced by the state machine’s logic used for processing incoming packets. In contrast to the previous attack, this attack is effective even when interference caused by hidden nodes do not corrupt every packet transmission. The attack forces Wi-Fi rate adaptation algorithms to operate at a low bit rate and significantly degrades network performance, such as communication reliability and throughput. Finally, the dissertation proposes, analyzes, and simulates a method to prevent such attacks from occurring. The key idea is to optimize the duration of packet transmissions. To achieve this goal, it is essential to properly model the impact of MAC overhead, and in particular MAC timing parameters. A new theoretical model is thus proposed, which relates the utilization of neighboring pairs of nodes using a sequence of iterative equations and uses fixed point techniques to study the limiting behavior of the sequence. The analysis shows how to optimally set the packet duration so that, on the one hand, cascading DoS attacks are avoided and, on the other hand, throughput is maximized. The analytical results are validated by extensive ns-3 simulations. A key insight obtained from the analysis and simulations is that IEEE 802.11 networks with relatively large MAC overhead are less susceptible to cascading DoS attacks than networks with smaller MAC overhead