Experimental Performance Evaluation and Frame Aggregation Enhancement in IEEE 802.11n WLANs

The IEEE 802.11n standard promises to extend today’s most popular WLAN standard by significantly increasing reach, reliability, and throughput. Ratified on September 2009, this standard defines many new physical and medium access control (MAC) layer enhancements. These enhancements aim to provide a data transmission rate of up to 600 Mbps. Since June 2007, 802.11n products are available on the enterprise market based on the draft 2.0. In this paper we investigate the effect of most of the proposed 802.11n MAC and physical layer features on the adhoc networks performance. We have performed several experiments in real conditions. The experimental results demonstrated the effectiveness of 802.11n enhancement. We have also examined the interoperability and fairness of 802.11n. The frame aggregation mechanism of 802.11n MAC layer can improve the efficiency of channel utilization by reducing the protocol overheads. We focused on the effect of frame aggregation on the support of voice and video applications in wireless networks. We also propose a new frame aggregation scheduler that considers specific QoS requirements for multimedia applications. We dynamically adjust the aggregated frame size based on frame's access category defined in 802.11e standard

Cache Pollution Attacks in the NDN Architecture: Impact and Analysis

International audienceNamed Data Networking (NDN), one of the most suitable candidates for the future Internet architecture, allows all network nodes to have a local cache that is used to serve incoming content requests. Content caching is an essential component in NDN: content is cached in routers and used for future requests in order to reduce bandwidth consumption and improve data delivery speed. Moreover, NDN introduces new self-certifying contents features that obviously improve data security and make NDN a secured-by-design architecture able to support an efficient and secure content distribution at a global scale. However, basic NDN security mechanisms, such as signatures and encryption, are not sufficient to ensure security in these networks. Indeed, the availability of the Data in several caches in the network allows malicious nodes to perform attacks that are relatively easy to implement and very effective. Such attacks include Cache Pollution Attacks (CPA), Cache Privacy Attacks, Content Poisoning Attacks and Interest Flooding Attacks. In this paper, we identify the different attack models that can disrupt the NDN operation. We conducted several simulations on NDNSim to assess the impact of the Cache Pollution Attack on the performance of a Named Data Network. More precisely, we implemented different attack scenarios and analyzed their impact in terms of cache hit ratio, data retrieval delay and hit damage ratio

Cache Pollution Attacks in the NDN Architecture: Impact and Analysis

International audienceNamed Data Networking (NDN), one of the most suitable candidates for the future Internet architecture, allows all network nodes to have a local cache that is used to serve incoming content requests. Content caching is an essential component in NDN: content is cached in routers and used for future requests in order to reduce bandwidth consumption and improve data delivery speed. Moreover, NDN introduces new self-certifying contents features that obviously improve data security and make NDN a secured-by-design architecture able to support an efficient and secure content distribution at a global scale. However, basic NDN security mechanisms, such as signatures and encryption, are not sufficient to ensure security in these networks. Indeed, the availability of the Data in several caches in the network allows malicious nodes to perform attacks that are relatively easy to implement and very effective. Such attacks include Cache Pollution Attacks (CPA), Cache Privacy Attacks, Content Poisoning Attacks and Interest Flooding Attacks. In this paper, we identify the different attack models that can disrupt the NDN operation. We conducted several simulations on NDNSim to assess the impact of the Cache Pollution Attack on the performance of a Named Data Network. More precisely, we implemented different attack scenarios and analyzed their impact in terms of cache hit ratio, data retrieval delay and hit damage ratio

A Detection Mechanism for Cache Pollution Attack in Named Data Network Architecture

International audienceBasic Named Data Networks (NDN) security mechanisms, rely on twomain key features. The first one is the caching mechanism where it manages to minimize both the bandwidth usage and the data retrieval delay all along with congestionavoidance by storing, in the intermediate routers, the contents recently demanded toquickly serve future consumers’ requests. The second key feature is the NDN security which stands on its foundation by signing each Data as soon as it releasedby the Producer and gets verified by each requesting consumer so that it makes itresilient to most attacks that affect the integrity of such content and the privacy ofits end points. However, the availability of the Data in the cache of the CS allowsthe malicious consumers to perform several attacks such as Cache Pollution Attack(CPA) which is easy to implement and extremely effective. As a result, it makes thedata on the cache unavailable for legitimate consumers and increases its retrievaldelay. In this paper, we propose a new detection mechanism of CPA called ICAN(Intrusion detection system for CPA attack in NDN architecture) based on severalmetrics such as Average Cache Hit Ratio, Average Interest Inter-Arrival Time, HopCount and Prefix variation. We assess by simulation, using the NDNSim framework,the efficiency of our mechanism and the choice of the used parameters. Finally, weelaborate a qualitative comparison between our proposed solution and the state-of-the-art mechanisms

A Survey on Security Attacks and Intrusion Detection Mechanisms in Named Data Networking

International audienceDespite the highly secure content sharing and the optimized forwarding mechanism, the content delivery in a Named Data Network (NDN) still suffers from numerous vulnerabilities that can be exploited to reduce the efficiency of such architecture. Malicious attacks in NDN have become more sophisticated and the foremost challenge is to identify unknown and obfuscated malware, as the malware authors use different evasion techniques for information concealing to prevent detection by an Intrusion Detection System (IDS). For the most part, NDN faces immense negative impacts from attacks such as Cache Pollution Attacks (CPA), Cache Privacy Attacks, Cache Poisoning Attacks, and Interest Flooding Attacks (IFA), that target different security components, including availability, integrity, and confidentiality. This poses a critical challenge to the design of IDS in NDN. This paper provides the latest taxonomy, together with a review of the significant research works on IDSs up to the present time, and a classification of the proposed systems according to the taxonomy. It provides a structured and comprehensive overview of the existing IDSs so that a researcher can create an even better mechanism for the previously mentioned attacks. This paper discusses the limits of the techniques applied to design IDSs with recent findings that can be further exploited in order to optimize those detection and mitigation mechanisms

A Survey on Security Attacks and Intrusion Detection Mechanisms in Named Data Networking

Despite the highly secure content sharing and the optimized forwarding mechanism, the content delivery in a Named Data Network (NDN) still suffers from numerous vulnerabilities that can be exploited to reduce the efficiency of such architecture. Malicious attacks in NDN have become more sophisticated and the foremost challenge is to identify unknown and obfuscated malware, as the malware authors use different evasion techniques for information concealing to prevent detection by an Intrusion Detection System (IDS). For the most part, NDN faces immense negative impacts from attacks such as Cache Pollution Attacks (CPA), Cache Privacy Attacks, Cache Poisoning Attacks, and Interest Flooding Attacks (IFA), that target different security components, including availability, integrity, and confidentiality. This poses a critical challenge to the design of IDS in NDN. This paper provides the latest taxonomy, together with a review of the significant research works on IDSs up to the present time, and a classification of the proposed systems according to the taxonomy. It provides a structured and comprehensive overview of the existing IDSs so that a researcher can create an even better mechanism for the previously mentioned attacks. This paper discusses the limits of the techniques applied to design IDSs with recent findings that can be further exploited in order to optimize those detection and mitigation mechanisms

Attacks, Detection Mechanisms and Their Limits in Named Data Networking (NDN)

International audienceProposals for Information Centric Networking (ICN) have recently emerged to rethink the foundations of the Internet and design a native data-oriented network architecture. Among the current ICN projects, Named Data Networking (NDN) is a promising architecture supported by the National Science Foundation (NSF). The NDN communication model is based on the Publish/Subscribe paradigm and focuses on broadcasting and finding content and introduces caching in intermediate routers. Data packets are sent in response to a prior request called an Interest packet and the data are cached along the way to the original requester. Content caching is an essential component of NDN in order to reduce bandwidth consumption and improve data delivery speed, however, this feature allows malicious nodes to perform attacks that are relatively simple to implement but very effective. For that reason, the goal of this paper is to study and classify the types of attacks that can target the NDN architecture such as (Cache Pollution Attack (CPA), Cache Poisoning Attack, Cache Privacy Attack, Interest Flooding Attack (IFA), etc) according to their consequences in terms of reducing the performance of the network. Moreover, we give an overview about the proposed detection mechanisms and their limitations

Satellite image restoration in the context of a spatially varying point spread function

International audienc

Impact Analysis of Greedy Behavior Attacks in Vehicular Ad hoc Networks

International audienceVehicular Ad hoc Networks (VANETs), while promising new approaches to improving road safety, must be protected from a variety of threats. Greedy behavior attacks at the level of the Medium Access (MAC) Layer can have devastating effects on the performance of a VANET. This kind of attack has been extensively studied in contention-based MAC protocols. Hence, in this work, we focus on studying the impact of such an attack on a contention-free MAC protocol called Distributed TDMA-based MAC Protocol DTMAC. We identify new vulnerabilities related to the MAC slot scheduling process that can affect the slot reservation process on the DTMAC protocol and we use simulations to evaluate their impact on network performance. Exploitation of these vulnerabilities would result in a severe waste of channel capacity where up to a third of the free slots could not be reserved in the presence of an attacker. Moreover, multiple attackers could cripple the channel and none could acquire a time slot

Impact Analysis of Greedy Behavior Attacks in Vehicular Ad hoc Networks

International audienceVehicular Ad hoc Networks (VANETs), while promising new approaches to improving road safety, must be protected from a variety of threats. Greedy behavior attacks at the level of the Medium Access (MAC) Layer can have devastating effects on the performance of a VANET. This kind of attack has been extensively studied in contention-based MAC protocols. Hence, in this work, we focus on studying the impact of such an attack on a contention-free MAC protocol called Distributed TDMA-based MAC Protocol DTMAC. We identify new vulnerabilities related to the MAC slot scheduling process that can affect the slot reservation process on the DTMAC protocol and we use simulations to evaluate their impact on network performance. Exploitation of these vulnerabilities would result in a severe waste of channel capacity where up to a third of the free slots could not be reserved in the presence of an attacker. Moreover, multiple attackers could cripple the channel and none could acquire a time slot