Foundational Forensic Techniques for Cellular and Ad Hoc Multi-hop Networks

Zhao, Xiwei

26 March 2008

The Internet has become an integral part of our nation's critical socio-economic infrastructure. With its heightened use and growing complexity however, organizations are at greater risk of cyber crimes. To aid in the investigation of crimes committed on or via the Internet, a network forensics analysis tool pulls together needed digital evidence. It provides a platform for performing deep network analysis by capturing, recording and analyzing network events to find out the source of a security attack or other information security incidents. Existing network forensics work has been mostly focused on the Internet and fixed networks. But the exponential growth and use of wireless technologies, coupled with their unprecedented characteristics, necessitates the development of new network forensic analysis tools. This dissertation fostered the emergence of a new research field in cellular and ad-hoc network forensics. It was one of the first works to identify this problem and offer fundamental techniques and tools that laid the groundwork for future research. In particular, it introduced novel methods to record network incidents and report logged incidents. For recording incidents, location is considered essential to documenting network incidents. However, in network topology spaces, location cannot be measured due to absence of a 'distance metric'. Therefore, a novel solution was proposed to label locations of nodes within network topology spaces, and then to authenticate the identity of nodes in ad hoc environments. For reporting logged incidents, a novel technique based on Distributed Hash Tables (DHT) was adopted. Although the direct use of DHTs for reporting logged incidents would result in an uncontrollably recursive traffic, a new mechanism was introduced that overcome this recursive process. These logging and reporting techniques aided forensics over cellular and ad-hoc networks, which in turn increased their ability to track and trace attacks to their source. These techniques were a starting point for further research and development that would result in equipping future ad hoc networks with forensic components to complement existing security mechanisms.

network security

network forensics

peer to peer

mobile ad hoc network

Collaboration Enforcement In Mobile Ad Hoc Networks

Jiang, Ning

01 January 2006

Mobile Ad hoc NETworks (MANETs) have attracted great research interest in recent years. Among many issues, lack of motivation for participating nodes to collaborate forms a major obstacle to the adoption of MANETs. Many contemporary collaboration enforcement techniques employ reputation mechanisms for nodes to avoid and penalize malicious participants. Reputation information is propagated among participants and updated based on complicated trust relationships to thwart false accusation of benign nodes. The aforementioned strategy suffers from low scalability and is likely to be exploited by adversaries. To address these problems, we first propose a finite state model. With this technique, no reputation information is propagated in the network and malicious nodes cannot cause false penalty to benign hosts. Misbehaving node detection is performed on-demand; and malicious node punishment and avoidance are accomplished by only maintaining reputation information within neighboring nodes. This scheme, however, requires that each node equip with a tamper-proof hardware. In the second technique, no such restriction applies. Participating nodes classify their one-hop neighbors through direct observation and misbehaving nodes are penalized within their localities. Data packets are dynamically rerouted to circumvent selfish nodes. In both schemes, overall network performance is greatly enhanced. Our approach significantly simplifies the collaboration enforcement process, incurs low overhead, and is robust against various malicious behaviors. Simulation results based on different system configurations indicate that the proposed technique can significantly improve network performance with very low communication cost.

Mobile Ad Hoc Network

Routing

Security

Collaboration Enforcement

Finite State Model

Dynamic Rerouting

Computer Sciences

Engineering

Mobile Ad-hoc Network Routing Protocols: Methodologies and Applications

Lin, Tao

05 April 2004

A mobile ad hoc network (MANET) is a wireless network that uses multi-hop peer-to-peer routing instead of static network infrastructure to provide network connectivity. MANETs have applications in rapidly deployed and dynamic military and civilian systems. The network topology in a MANET usually changes with time. Therefore, there are new challenges for routing protocols in MANETs since traditional routing protocols may not be suitable for MANETs. For example, some assumptions used by these protocols are not valid in MANETs or some protocols cannot efficiently handle topology changes. Researchers are designing new MANET routing protocols and comparing and improving existing MANET routing protocols before any routing protocols are standardized using simulations. However, the simulation results from different research groups are not consistent with each other. This is because of a lack of consistency in MANET routing protocol models and application environments, including networking and user traffic profiles. Therefore, the simulation scenarios are not equitable for all protocols and conclusions cannot be generalized. Furthermore, it is difficult for one to choose a proper routing protocol for a given MANET application. According to the aforementioned issues, my Ph.D. research focuses on MANET routing protocols. Specifically, my contributions include the characterization of differ- ent routing protocols using a novel systematic relay node set (RNS) framework, design of a new routing protocol for MANETs, a study of node mobility, including a quantitative study of link lifetime in a MANET and an adaptive interval scheme based on a novel neighbor stability criterion, improvements of a widely-used network simulator and corresponding protocol implementations, design and development of a novel emulation test bed, evaluation of MANET routing protocols through simulations, verification of our routing protocol using emulation, and development of guidelines for one to choose proper MANET routing protocols for particular MANET applications. Our study shows that reactive protocols do not always have low control overhead, as people tend to think. The control overhead for reactive protocols is more sensitive to the traffic load, in terms of the number of traffic flows, and mobility, in terms of link connectivity change rates, than other protocols. Therefore, reactive protocols may only be suitable for MANETs with small number of traffic loads and small link connectivity change rates. We also demonstrated that it is feasible to maintain full network topology in a MANET with low control overhead. This dissertation summarizes all the aforementioned methodologies and corresponding applications we developed concerning MANET routing protocols. / Ph. D.

Emulation

Connected dominating set

Simulation

Framework

Relay node set

Routing

Mobile Ad-hoc Network

Autonomous Navigation of a Ground Vehicle to Optimize Communication Link Quality

Bauman, Cheryl Lynn

09 January 2007

The wireless technology of today provides combat systems with the potential to communicate mission critical data to every asset involved in the operation. In such a dynamic environment, the network must be able maintain communication by adapting to subsystems moving relative to each other. A theoretical and experimental foundation is developed that allows an autonomous ground vehicle to serve as an adaptive communication node in a larger network. The vehicle may perform other functions, but its primary role is to constantly reposition itself to maintain optimal link quality for network communication. Experimentation with existing wireless network hardware and software led to the development, implementation, and analysis of two main concepts that provided a signal optimization solution. The first attracts the communication ground vehicle to the network subsystems with weaker links using a vector summation of the signal-to-noise ratio and network subsystem position. This concept continuously generates a desired waypoint for repositioning the ground vehicle. The second concept uses a-priori GIS data to evaluate the desired vehicle waypoint determined by the vector sum. The GIS data is used primarily for evaluating the viewshed, or line-of-sight, between two network subsystems using elevation data. However, infrastructure and ground cover data are also considered in navigation planning. Both concepts prove to be powerful tools for effective autonomous repositioning for maximizing the communication link quality. / Master of Science

autonomous vehicle teaming

communication-sensitive navigation

mobile ad-hoc network

multi-robot

Uma arquitetura para agrupamento de controles de segurança em ambientes de tecnologia da informação baseada em barganhas cooperativas irrestritas. / An architecture to grouping security controls in information technology environments based on unrestricted cooperative bargains.

Silva, Anderson Aparecido Alves da

15 December 2016

Controles de segurança, também chamados de mecanismos de proteção, voltados para previsão e detecção de eventos indesejados são cada vez mais empregados em ambientes de Tecnologia da Informação (TI). O pouco entendimento sobre as características dos eventos indesejados que agem nos sistemas e a baixa compatibilidade existente entre os diversos mecanismos de proteção são problemas que se destacam neste tipo de cenário. Diferentes configurações dificultam a combinação dos resultados destes mecanismos e raramente dois ou mais controles de segurança se complementam. Por esse motivo, o agrupamento entre mecanismos de detecção e de previsão não é trivialmente resolvido. Neste trabalho é proposta uma arquitetura, denominada de Arquitetura Estratégica de Agrupamento - Strategic Grouping Architecture (SGA) - para agrupamento de controles de segurança voltados para detecção e/ou previsão, que tem como base a busca de um equilíbrio entre as configurações e os resultados individuais de cada mecanismo de proteção envolvido. Para alcançar este equilíbrio a arquitetura proposta divide a análise dos eventos (legítimos e maliciosos) que passam pelos controles de segurança em dois níveis de abstração: o técnico, onde são coletadas as configurações e os resultados dos controles de segurança; e o estratégico, onde os dados obtidos no nível técnico são analisados por meio de barganhas cooperativas irrestritas - Unrestricted Cooperative Bargains (UCB), conceito proveniente da Teoria dos Jogos, que busca a otimização e equilíbrio entre resultados. Justamente por ser realizada em um nível de abstração diferente, a análise gerada pelo SGA identifica a influência que cada configuração exerce nos resultados agrupados. Para explorar a capacidade da arquitetura proposta, dois experimentos, bastante diferentes, que envolvem a ação de eventos indesejados em ambientes de TI são conduzidos. Os resultados obtidos mostram a viabilidade do agrupamento de controles de segurança de detecção e previsão e a possibilidade do uso do SGA em outros ambientes, que não estejam necessariamente ligados à segurança de TI. Baseada na literatura científica a validação do SGA consiste de uma transformação prévia na categoria dos jogos estratégicos usados - cooperativos para não-cooperativos - e na busca de situações como o Equilíbrio de Nash (EN) e o ótimo de Pareto, que indicam os melhores resultados de um jogo. / Security controls, also called protection mechanisms, focused on forecasting and detection of unwanted events are increasingly employed in Information Technology (IT) environments. The little understanding about the characteristics of unwanted events which act on the systems and the low rate of compatibility among several protection mechanisms are both problems that arise in that scenario. Different settings make difficult combining the results of these mechanisms and two or more controls rarely complement each other. Due to that, grouping mechanisms of detection and forecasting is not a trivial matter. In this work a framework called Strategic Grouping Architecture (SGA) is proposed to grouping security controls focused on detection and/or forecasting. SGA is based on the search for equilibrium between the settings and the individual results of each protection mechanism involved. In order to reach this equilibrium the proposed framework divide the analysis of events (legitimates and malicious) which go through the security controls in two abstract levels: the technical level, where the settings and the results of security controls are collected; and the strategic level, where the data obtained in the technical level are analyzed through Unrestricted Cooperative Bargains (UCB), concept from Game Theory that seeks to optimize and balance the results. Precisely because it is performed on a different level of abstraction, the analysis generated by the SGA identifies the influence that each setting has on the clustered results. In order to exploit the capability of the proposed architecture, two experiments, quite different, involving the action of unwanted events in IT environments, are conducted. The obtained findings show the feasibility of grouping detection and forecasting security controls and the possibility of using the SGA in other environments that are not necessarily related to IT security. Based on scientific literature SGA validation consists of a previous transformation in the category of strategy games used - cooperative to non-cooperative - and the search for situations such as the Nash Equilibrium (NE) and the Pareto optimal, indicating the best results a game.

Barganhas cooperativas irrestritas

Controles de segurança

Detection and forecasting attacks

Game theory

Kackers (Prevenção e Controle)

Mobile Ad hoc NETwork (MANET)

Mobile Ad hoc NETwork (MANET)

Security controls

Teoria dos jogos

Unrestricted cooperative bargains

Uma arquitetura para agrupamento de controles de segurança em ambientes de tecnologia da informação baseada em barganhas cooperativas irrestritas. / An architecture to grouping security controls in information technology environments based on unrestricted cooperative bargains.

Anderson Aparecido Alves da Silva

15 December 2016

Controles de segurança, também chamados de mecanismos de proteção, voltados para previsão e detecção de eventos indesejados são cada vez mais empregados em ambientes de Tecnologia da Informação (TI). O pouco entendimento sobre as características dos eventos indesejados que agem nos sistemas e a baixa compatibilidade existente entre os diversos mecanismos de proteção são problemas que se destacam neste tipo de cenário. Diferentes configurações dificultam a combinação dos resultados destes mecanismos e raramente dois ou mais controles de segurança se complementam. Por esse motivo, o agrupamento entre mecanismos de detecção e de previsão não é trivialmente resolvido. Neste trabalho é proposta uma arquitetura, denominada de Arquitetura Estratégica de Agrupamento - Strategic Grouping Architecture (SGA) - para agrupamento de controles de segurança voltados para detecção e/ou previsão, que tem como base a busca de um equilíbrio entre as configurações e os resultados individuais de cada mecanismo de proteção envolvido. Para alcançar este equilíbrio a arquitetura proposta divide a análise dos eventos (legítimos e maliciosos) que passam pelos controles de segurança em dois níveis de abstração: o técnico, onde são coletadas as configurações e os resultados dos controles de segurança; e o estratégico, onde os dados obtidos no nível técnico são analisados por meio de barganhas cooperativas irrestritas - Unrestricted Cooperative Bargains (UCB), conceito proveniente da Teoria dos Jogos, que busca a otimização e equilíbrio entre resultados. Justamente por ser realizada em um nível de abstração diferente, a análise gerada pelo SGA identifica a influência que cada configuração exerce nos resultados agrupados. Para explorar a capacidade da arquitetura proposta, dois experimentos, bastante diferentes, que envolvem a ação de eventos indesejados em ambientes de TI são conduzidos. Os resultados obtidos mostram a viabilidade do agrupamento de controles de segurança de detecção e previsão e a possibilidade do uso do SGA em outros ambientes, que não estejam necessariamente ligados à segurança de TI. Baseada na literatura científica a validação do SGA consiste de uma transformação prévia na categoria dos jogos estratégicos usados - cooperativos para não-cooperativos - e na busca de situações como o Equilíbrio de Nash (EN) e o ótimo de Pareto, que indicam os melhores resultados de um jogo. / Security controls, also called protection mechanisms, focused on forecasting and detection of unwanted events are increasingly employed in Information Technology (IT) environments. The little understanding about the characteristics of unwanted events which act on the systems and the low rate of compatibility among several protection mechanisms are both problems that arise in that scenario. Different settings make difficult combining the results of these mechanisms and two or more controls rarely complement each other. Due to that, grouping mechanisms of detection and forecasting is not a trivial matter. In this work a framework called Strategic Grouping Architecture (SGA) is proposed to grouping security controls focused on detection and/or forecasting. SGA is based on the search for equilibrium between the settings and the individual results of each protection mechanism involved. In order to reach this equilibrium the proposed framework divide the analysis of events (legitimates and malicious) which go through the security controls in two abstract levels: the technical level, where the settings and the results of security controls are collected; and the strategic level, where the data obtained in the technical level are analyzed through Unrestricted Cooperative Bargains (UCB), concept from Game Theory that seeks to optimize and balance the results. Precisely because it is performed on a different level of abstraction, the analysis generated by the SGA identifies the influence that each setting has on the clustered results. In order to exploit the capability of the proposed architecture, two experiments, quite different, involving the action of unwanted events in IT environments, are conducted. The obtained findings show the feasibility of grouping detection and forecasting security controls and the possibility of using the SGA in other environments that are not necessarily related to IT security. Based on scientific literature SGA validation consists of a previous transformation in the category of strategy games used - cooperative to non-cooperative - and the search for situations such as the Nash Equilibrium (NE) and the Pareto optimal, indicating the best results a game.

Barganhas cooperativas irrestritas

Controles de segurança

Kackers (Prevenção e Controle)

Mobile Ad hoc NETwork (MANET)

Teoria dos jogos

Detection and forecasting attacks

Game theory

Mobile Ad hoc NETwork (MANET)

Security controls

Unrestricted cooperative bargains

Design and evaluation of security mechanism for routing in MANETs : elliptic curve Diffie-Hellman cryptography mechanism to secure Dynamic Source Routing protocol (DSR) in Mobile Ad Hoc Network (MANET)

Almotiri, Sultan H.

January 2013

Ensuring trustworthiness through mobile nodes is a serious issue. Indeed, securing the routing protocols in Mobile Ad Hoc Network (MANET) is of paramount importance. A key exchange cryptography technique is one such protocol. Trust relationship between mobile nodes is essential. Without it, security will be further threatened. The absence of infrastructure and a dynamic topology changing reduce the performance of security and trust in mobile networks. Current proposed security solutions cannot cope with eavesdroppers and misbehaving mobile nodes. Practically, designing a key exchange cryptography system is very challenging. Some key exchanges have been proposed which cause decrease in power, memory and bandwidth and increase in computational processing for each mobile node in the network consequently leading to a high overhead. Some of the trust models have been investigated to calculate the level of trust based on recommendations or reputations. These might be the cause of internal malicious attacks. Our contribution is to provide trustworthy communications among the mobile nodes in the network in order to discourage untrustworthy mobile nodes from participating in the network to gain services. As a result, we have presented an Elliptic Curve Diffie-Hellman key exchange and trust framework mechanism for securing the communication between mobile nodes. Since our proposed model uses a small key and less calculation, it leads to a reduction in memory and bandwidth without compromising on security level. Another advantage of the trust framework model is to detect and eliminate any kind of distrust route that contain any malicious node or suspects its behavior.

004.6

Intelligent MANET optimisation system

Saeed, Nagham

January 2011

In the literature, various Mobile Ad hoc NETwork (MANET) routing protocols proposed. Each performs the best under specific context conditions, for example under high mobility or less volatile topologies. In existing MANET, the degradation in the routing protocol performance is always associated with changes in the network context. To date, no MANET routing protocol is able to produce optimal performance under all possible conditions. The core aim of this thesis is to solve the routing problem in mobile Ad hoc networks by introducing an optimum system that is in charge of the selection of the running routing protocol at all times, the system proposed in this thesis aims to address the degradation mentioned above. This optimisation system is a novel approach that can cope with the network performance’s degradation problem by switching to other routing protocol. The optimisation system proposed for MANET in this thesis adaptively selects the best routing protocol using an Artificial Intelligence mechanism according to the network context. In this thesis, MANET modelling helps in understanding the network performance through different contexts, as well as the models’ support to the optimisation system. Therefore, one of the main contributions of this thesis is the utilisation and comparison of various modelling techniques to create representative MANET performance models. Moreover, the proposed system uses an optimisation method to select the optimal communication routing protocol for the network context. Therefore, to build the proposed system, different optimisation techniques were utilised and compared to identify the best optimisation technique for the MANET intelligent system, which is also an important contribution of this thesis. The parameters selected to describe the network context were the network size and average mobility. The proposed system then functions by varying the routing mechanism with the time to keep the network performance at the best level. The selected protocol has been shown to produce a combination of: higher throughput, lower delay, fewer retransmission attempts, less data drop, and lower load, and was thus chosen on this basis. Validation test results indicate that the identified protocol can achieve both a better network performance quality than other routing protocols and a minimum cost function of 4.4%. The Ad hoc On Demand Distance Vector (AODV) protocol comes in second with a cost minimisation function of 27.5%, and the Optimised Link State Routing (OLSR) algorithm comes in third with a cost minimisation function of 29.8%. Finally, The Dynamic Source Routing (DSR) algorithm comes in last with a cost minimisation function of 38.3%.

621.382

Performance Evaluation of Opportunistic Routing Protocols for Multi-hop Wireless Networks

Guercin, Sergio Rolando

15 March 2019

Nowadays, Opportunistic Routing (OR) is widely considered to be the most important paradigm for Multi-hop wireless networks (MWNs). It exploits the broadcast nature of wireless medium to propagate information from one point to another within the network. In OR scheme, when a node has new information to share, it rst needs to set its forwarding list which include the IDs and/or any relevant information to its best suited neighboring nodes. This operation is supported by the use of appropriate metrics. Then, it executes a coordination algorithm allowing transmission reliability and high throughput among the next-hop forwarders. In this paper, we provide a comprehensive guide to understand the characteristics and challenges faced in the area of opportunistic routing protocols in MWNs. Moreover, since the planet we live on is largely covered by water, OR protocols have gained much attention during the last decade in real-time aquatic applications, such as oil/chemical spill monitoring, ocean resource management, anti-submarine missions and so on. One of the major problems in Underwater Wireless Sensor Network (UWSNs) is determining an e cient and reliable routing methodology between the source node and the destination node. Therefore, designing e cient and robust routing protocols for UWSNs became an attractive topic for researchers. This paper seeks to address in detail the key factors of underwater sensor network. Furthermore, it calls into question 5 state-of-the-art routing protocols proposed for UWSN: The Depth-Based Routing protocol (DBR), the Energy-E cient Depth-Based Routing protocol (EEDBR), the Hydraulic-pressure-based anycast routing protocol (Hydrocast), the Geographic and opportunistic routing protocol with Depth Adjustment for mobile underwater sensor networks (GEDAR), and the Void- Aware Pressure Routing for underwater sensor networks (VAPR). Finally, it covers the performance of those protocol through the use of the R programming language.

Wireless Sensor Network

Underwater wireless sensor network

Multi-hop wireless network

Mobile ad hoc network

GEDAR

DBR

Patient Monitoring via Mobile Ad Hoc Network: Power Management, Reliability, and Delays

Sneha, Sweta

13 June 2008

ABSTRACT PATIENT MONITORING VIA MOBILE AD HOC NETWORK - MAXIMIZING RELIABILITY WHILE MINIMIZING POWER USAGE AND DELAYS BY SWETA SNEHA May 22nd, 2008 Committee Chair: Dr. Upkar Varshney Major Department: Computer Information Systems Comprehensive monitoring of patients based on wireless and mobile technologies has been proposed for early detection of anomalies, provision of prompt medical attention, and corresponding reduction in healthcare expenses associated with unnecessary hospitalizations and treatment. However the quality and reliability of patient monitoring applications have not been satisfactory, primarily due to their sole dependence on infrastructure-oriented wireless networks such as wide-area cellular networks and wireless LANs with unpredictable and spotty coverage. The current research is exploratory in nature and seeks to investigate the feasibility of leveraging mobile ad hoc network for extending the coverage of infrastructure oriented networks when the coverage from the latter is limited/non-existent. Although exciting, there are several challenges associated with leveraging mobile ad hoc network in the context of patient monitoring. The current research focuses on power management of the low-powered monitoring devices with the goal to maximize reliability and minimize delays. The PRD protocols leveraging variable-rate transmit power and the PM-PRD scheme are designed to achieve the aforementioned objective. The PRD protocols manage power transmitted by the source and intermediate routing devices in end to end signal transmission with the obejective to maximize end to end reliability. The PM-PRD scheme operationalizes an appropriate PRD protocol in end to end signal transmission for diverse patient monitoring scenarios with the objective to maximize reliability, optimize power usage, and minimize delays in end to end signal transmission. Analytical modeling technique is utilized for modeling diverse monitoring scenarios in terms of the independent variables and assessing the performance of the research artifacts in terms of the dependent variables. The evaluation criterion of the research artifacts is maximization of reliability and minimization of power usage and delays for diverse monitoring scenarios. The performance evaluation of the PRD protocols is based on maximization of end to end reliability in signal transmission. The utility of the PM-PRD scheme is associated with operationalizing an appropriate protocol for a given monitoring scenario. Appropriateness of a protocol for a given scenario is based on the performance of the PRD protocols with respect to the dependent variables (i.e., end to end reliability, end to end power usage, and end to end delays). Hence the performance evaluation of the PRD protocols in terms of the dependent variables is utilized to (a) discover the best protocol and (b) validate the accuracy and utility of the PM-PRD scheme in allocating the best protocol for diverse monitoring scenarios. The results validate the effectiveness of the research artifacts in maximizing reliability while minimizing power usage and delays in end to end signal transmission via a multi-hop mobile ad hoc network. Consequently the research establishes the feasibility of multi-hop mobile ad hoc network in supplementing the spotty network coverage of infrastructure oriented networks thereby enhancing the quality and dependability of the process of signal transmission associated with patient monitoring applications.

Mobile Ad hoc Network (MANET)

Healthcare

Patient Monitoring

Reliability

Power Management

Delays

E-Health

Protocols

Scheme

Analytical Modeling

Management Information Systems