24 research outputs found

    Gibbsian Method for the Self-Optimization of Cellular Networks

    In this work, we propose and analyze a class of distributed algorithms performing the joint optimization of radio resources in heterogeneous cellular networks made of a juxtaposition of macro and small cells. Within this context, it is essential to use algorithms able to simultaneously solve the problems of channel selection, user association and power control. In such networks, the unpredictability of the cell and user patterns also requires distributed optimization schemes. The proposed method is inspired from statistical physics and based on the Gibbs sampler. It does not require the concavity/convexity, monotonicity or duality properties common to classical optimization problems. Besides, it supports discrete optimization which is especially useful to practical systems. We show that it can be implemented in a fully distributed way and nevertheless achieves system-wide optimality. We use simulation to compare this solution to today's default operational methods in terms of both throughput and energy consumption. Finally, we address concrete issues for the implementation of this solution and analyze the overhead traffic required within the framework of 3GPP and femtocell standards. Comment: 25 pages, 9 figures, to appear in EURASIP Journal on Wireless Communications and Networking 201

    Group Authentication: A New Paradigm for Emerging Applications

    Traditional secure registration protocols rely on client-server authentication procedures. This concept has been extended to support single client registration to multiple servers, using single sign-on protocols. In this paper, we design a framework to solve the reverse single sign-on problem: How can multiple clients securely register with the same server/network in a single registration procedure? The main advantage of our framework is that it allows multiple clients to register with an infrastructure, such as a cellular network, as a group, yet generate individual session keys as well as a group session key. With this, the process of authenticating a large number of clients is greatly simplified, thereby dramatically reducing overheads. With a view towards simplifying the exposition, we describe how our framework can be applied for performing group authentication of devices in the machine-to-machine context. While this is an immediate area of application, we outline other extensions of the framework in the application layer including webcasting in a social networking environment. (c) 2012 Alcatel-Lucent

    Jammer localization in wireless networks: An experimentation-driven approach

    Jamming attacks have become prevalent during the last few years facilitated by the open access to the shared wireless medium as well as the increased motivation and easiness to create damage as a result of sophistication of wireless devices, both legitimate and jamming ones. Among the challenges that a wireless network faces while trying to confront the jammer, jammer localization is of utmost importance. This entails estimating the physical location of the jammer. Successful jammer localization can trigger a series of corrective measures to ensure sustainable network operation. However, locating the jammer is a difficult problem. Our primary goal in this paper is to design a simple, lightweight and generic approach for localizing a jamming device through a set of measurable parameters. The key observation guiding our design, is that the Packet Delivery Ratio (PDR) that can be readily measured locally by a device decreases as a receiver moves closer to the jammer. Further, we draw on the gradient-descent principle from optimization theory, and we adapt it to operate on the discrete plane of the network topology so that the jamming device location can be estimated. The very nature of the gradient-descent algorithm allows the distributed execution of our localization scheme. In this paper, we compute and experimentally validate the impact of jammer on the PDR of a link and we show that this impact decreases as the link moves away from the jammer. We further design a distributed, lightweight jammer localization system, which does not require any modifications to the driver/firmware of commercial NICs, while we implement a prototype system to evaluate our scheme on our 802.11 indoor testbed. Finally, we evaluate the performance of our system via extensive simulations in larger scale settings. Its performance in terms of average location estimation error in combination with its simplicity and distributed operations hold great promise

    Lightweight jammer localization in wireless networks: System design and implementation

    Jamming attacks have become prevalent during the last few years, due to the shared nature and the open access to the wireless medium. Finding the location of a jamming device is of great importance for restoring normal network operations. After detecting the malicious node we want to find its position, in order for further security actions to be taken. Our goal in this paper is the design and implementation of a simple, lightweight and generic localization algorithm. Our scheme is based on the principles of the gradient descent minimization algorithm. The key observation is that the Packet Delivery Ratio (PDR) has lower values as we move closer to the jammer. Hence, the use of a gradient-based scheme, operating on the discrete plane of the network topology, can help locate the jamming device. The contributions of our work are the following: (a) We demonstrate, through analysis and experimentation, the way that the jamming effects propagate through the network in terms of the observed PDR. (b) We design a distributed, lightweight jammer localization system which does not require any modifications to the driver/firmware of commercial NICs. (c) We implement and evaluate our localization system on our 802.11 indoor testbed. An attractive and important feature of our system is that it does not rely on special hardware

    Detecting and Preventing Machine-to-Machine Hijacking Attacks in Cellular Networks

    Machine-to-machine (M2M) communications are increasingly popular over cellular networks, due to their unlimited potential and the low cost of deployment. As a result, M2M infrastructures are attractive targets to attackers. For instance, hackers may use a water meter to browse the web over a mobile network. Given the expected tremendous growth of the M2M market within the next few years, such attacks can have a devastating impact on the economics of mobile broadband. However, prior studies in the area of fraud have not considered the inherent properties of cellular M2M deployments. In this paper, we demonstrate how hijacking attacks apply to contemporary networks, and provide a solution for mitigating them. In particular, we propose a novel framework for detecting and preventing M2M device hijacking. Our solution is novel in two main ways: 1) It is network centric, and 2) it completely avoids the use of overhead-intensive cryptographic functions. (c) 2012 Alcatel-Lucent

    Secure Enablement of Real Time Applications: A Novel End-to-End Approach

    The Internet has evolved into a multi-service Internet Protocol (IP) network with support for various types of traffic, including multimedia. Given the relatively open nature of IP networks, securely enabling multimedia services is increasingly important. While protocols such as Secure Real Time Protocol (SRTP) provide container formats for various applications, the supporting security solutions lack end-to-end secure key management. In this paper, we propose a novel secure key management framework targeted for real time applications in multi-operator environments. In particular, by leveraging an Identity-Based Authenticated Key Exchange (IBAKE) protocol, we develop secure key management solutions to support two-party communications, conferencing applications, call forking, call redirect, and deferred delivery. Our framework eliminates the need for costly public key infrastructure (PKI) or other online solutions, overcomes the problem of key escrow while providing perfect forward and backwards secrecy, and works across applications and media types. Overall, our solution opens up new lines of research and business opportunities in secure application enablement. (c) 2012 Alcatel-Lucent

    Routing-aware channel selection in multi-radio mesh networks

    Efficient channel selection is essential in 802.11 mesh deployments, for minimizing contention and interference among co-channel devices and thereby supporting a plurality of QoS-sensitive applications. In this paper, we propose ARACHNE, a routing-aware channel selection protocol for wireless mesh networks. ARACHNE is distributed in nature, and motivated by our measurements on a wireless testbed. The main novelty of our protocol comes from adopting a metric that captures the end-to-end link loads across different routes in the network. ARACHNE prioritizes the assignment of low-interference channels to links that (a) need to serve high-load aggregate traffic and/or (b) already suffer significant levels of contention and interference. Our protocol takes into account the number of potential interfaces (radios) per device, and allocates these interfaces in a manner that efficiently utilizes the available channel capacity. We evaluate ARACHNE through extensive, trace-driven simulations. We observe that our protocol improves the total network throughput, as compared to three other channel allocation strategies. ©2009 IEEE

    LAC: Load-aware channel selection in 802.11 WLANs

    Dense deployments of hybrid WLANs result in high levels of interference and low end-user throughput. Many frequency allocation mechanisms for WLANs have been proposed by a large body of previous studies. However, none of these mechanisms considers the load that is carried by APs in terms of channel conditions, number of affiliated users as well as traffic-load, in conjunction. In this paper, we propose LAC, a load-aware channel allocation scheme for WLANs, which considers all the above performance determinant factors. LAC incorporates an airtime cost metric into its channel scanning process, in order to capture the effects of these factors and select the channel with the maximum long-term throughput. We evaluate LAC through extensive OPNET simulations, for many different traffic scenarios. Our simulations demonstrate that LAC outperforms other frequency allocation policies for WLANs in terms of total network throughput by up to 135%. © 2008 IEEE

    A measurement-driven anti-jamming system for 802.11 networks

    Dense, unmanaged IEEE 802.11 deployments tempt saboteurs into launching jamming attacks by injecting malicious interference. Nowadays, jammers can be portable devices that transmit intermittently at low power in order to conserve energy. In this paper, we first conduct extensive experiments on an indoor 802.11 network to assess the ability of two physical-layer functions, rate adaptation and power control, in mitigating jamming. In the presence of a jammer, we find that: 1) the use of popular rate adaptation algorithms can significantly degrade network performance; and 2) appropriate tuning of the carrier sensing threshold allows a transmitter to send packets even when being jammed and enables a receiver to capture the desired signal. Based on our findings, we build ARES, an Anti-jamming REinforcement System, which tunes the parameters of rate adaptation and power control to improve the performance in the presence of jammers. ARES ensures that operations under benign conditions are unaffected. To demonstrate the effectiveness and generality of ARES, we evaluate it in three wireless test-beds: 1) an 802.11n WLAN with MIMO nodes; 2) an 802.11a/g mesh network with mobile jammers; and 3) an 802.11a WLAN with TCP traffic. We observe that ARES improves the network throughput across all test-beds by up to 150%. © 2011 IEEE

    Quantifying the overhead due to routing probes in multi-rate WMNs

    The selection of high-throughput routes is a key element towards improving the performance of wireless multihop networks. While several routing metrics have been proposed in the literature, it has been shown that link-quality aware metrics can provide significantly higher end-to-end throughput. To date, the online computation of such metrics requires the periodic transmission of probe packets at all available transmission rates. However, our link level measurement study on two different 802.11 testbeds demonstrates that: (a) multi-rate probe transmissions increase the number of collisions and enforce nodes to reside in the back-off state for prolonged time periods, and (b) the extent of performance degradation depends on the network density; a network-wide throughput reduction of the order of 400% is possible. In addition, our measurements show that the impact of probing in terms of end-to-end performance can be devastating. In particular, the probing functionality can pose a significant degradation in the end-to-end throughput of a single flow, by at least 35% and as high as 90%, depending on the probing frequency and network density. Finally, we discuss different alternatives to multi-rate probing for the online computation of such metrics. ©2010 IEEE