Proposition de nouveaux mécanismes de protection contre l'usurpation d'identité pour les fournisseurs de services Internet / Proposal for new protections against identity theft for ISPs

Biri, Aroua

25 February 2011

De plus en plus d’organisations sont informatisées et plus une organisation est grande, plus elle peut être la cible d’attaques via Internet. On note également que les internautes utilisent de plus en plus Internet pour faire des achats sur des sites de commerce électronique, pour se connecter à l’administration en ligne, pour voter de manière électronique, etc. Par ailleurs, certains d’entre eux ont de plus en plus d'équipements électroniques qui peuvent être raccordés à Internet et ce dans divers sites (domicile, voiture, lieu de travail, etc.). Ces équipements forment ce qu’on appelle un réseau personnel qui permet la mise en place de nouvelles applications centrées sur l’internaute. Les fournisseurs de services Internet peuvent ainsi étoffer leurs offres de services en présentant une offre de sécurisation de ce genre de réseau. Selon le rapport du cabinet « Arbor Networks » intitulé « Worldwide Infrastructure Security Report », les menaces identifiées comme les plus sévères sont relatives aux attaques de déni de service distribué. Ce type d’attaque a pour but de rendre indisponible un service en empêchant les utilisateurs légitimes de l'utiliser. Il utilise la technique de l’usurpation d’identité qui consiste en la création de paquets (de type IP, ARP, etc.) avec une adresse source forgée et ce dans le but d’usurper un système informatique ou d’usurper l’identité de l’émetteur. La technique de l’usurpation d’identité permet ainsi de rendre un service indisponible, d’écouter, de corrompre, de bloquer le trafic des internautes ou de nuire au bon fonctionnement des protocoles de routage et des réseaux personnels des clients. De plus, la technique de l’usurpation d’identité est également utilisée pour des activités interdites par la loi « Hadopi » en rigueur en France comme le téléchargement illégal. De ce fait, les fournisseurs de services Internet se doivent de prémunir leurs clients des attaques basées sur la technique de l’usurpation d’identité. Ces dits fournisseurs comptent sur les protocoles de routage qu’ils déroulent pour participer au bon acheminement des données de leurs clients. Cependant, le protocole intra-domaine OSPF et le protocole inter-domaine BGP sont vulnérables aux attaques utilisant la technique de l’usurpation d’identité qui peuvent conduire à l’acheminement des paquets vers des destinataires non légitimes ou au déni de service. Nous proposons donc deux mécanismes dédiés respectivement au protocole intra-domaine OSPF et au protocole inter-domaine BGP. D’une part, afin de protéger les routeurs OSPF contre les attaques utilisant la technique d’usurpation d’identité, nous avons préconisé le stockage de l’identité et du matériel cryptographique dans un coffre-fort électronique que sont les cartes à puce. Les cartes déroulent ensuite un algorithme de dérivation de clés avec les cartes des routeurs voisins ainsi qu’avec celle du routeur désigné. Les clés dérivées entre les cartes à puce servent à signer les messages OSPF et à authentifier le niveau MAC. Nous avons décrit par la suite la plateforme du démonstrateur et les scénarios de tests adoptés pour évaluer les performances de notre prototype et les comparer avec ceux du logiciel Quagga sur la base de trois critères : le temps requis pour traiter une annonce d'état de liens, le temps de convergence ainsi que le temps de re-calcul d’une table de routage après un changement. Ces temps augmentent peu avec l’introduction de la carte à puce implémentant les fonctions de sécurité proposées. Ainsi, cette solution permet de renforcer la sécurité du protocole OSPF avec un impact raisonnable sur les performances. D’autre part, afin de protéger les routeurs BGP contre les attaques utilisant la technique d’usurpation d’identité, nous avons préconisé la « clustérisation » des domaines Internet et la sécurisation des liens entre les clusters ainsi qu’au sein de chacun d’eux grâce aux paradigmes de « web of trust » et de la cryptographie sans certificats […] / More and more organizations are computerized and more an organization is great, plus it can be the target of Internet attacks. Moreover, some of them have a growing number of electronic equipments that can be connected to the Internet from various locations (home, car, workplace, etc.). These devices form a so-called personal area network that allows the development of new applications centered on users. The ISPs can then expand their service offerings by providing a secure supply of such networks. According to the report of the firm “Arbor Networks”, entitled "Worldwide Infrastructure Security Report ", the most severe threats are related to distributed denial of service. This type of attack aims to make available a service by preventing legitimate users from using it. It uses the technique of identity theft that involves the creation of packages (like IP, ARP, etc.) with a forged source address and that in order to usurp the Identity of the issuer or of the computer system. Thus, the technique of identity theft allows to render a service unavailable, to listen, to corrupt, to block traffic from Internet users or to undermine the legitimate operation of routing protocols and personal networks. Moreover, the technique of identity theft is also used for prohibited activities by "HADOPI" law in France and related to illegal downloading issues. Thus, the ISPs have a duty to protect their customers from attacks based on the technique of identity theft. The mechanisms of protection against spoofing attacks for access networks are crucial for customer adoption of new applications offered by Internet service providers. This part of the doctoral thesis is part of the European project “MAGNET Beyond" whose vision is to put into practice the concept of personal networks, with the ultimate objective to design, develop, prototype and validate the concept. In the context of user equipment’s access to the network of an Internet services provider from a public place, we proposed a cross-layer protocol based on the principles of information theory. This protocol fixes the security hole not addressed by other proposals that is the attack of identity theft that occurs at the beginning of communication and thus protects users against the middle man attacks. We proposed that the person who wants to have secure access to the Internet must be on a specific circle has been called "RED POINT" so that the attacker is not able to be on the same circle at the same time. The proposed cross-layer protocol can be divided into three phases: the phase of checking the position of the user, the extraction phase of the shared secret of the physical layer and the phase of the derivation of the shared key at the MAC layer. We subsequently validated our solution through a formal tool AVISPA and presented the results of its implementation. In a private context, communication between devices convey users' personal data which may be confidential, so we must prevent equipment not belonging to the legitimate user to access its network. Thus, we proposed two mechanisms of protection against attacks based on spoofing so that illegitimate equipment is unable to impersonate legitimate equipment. The first phase will be dedicated to personal networks and the second will be dedicated to the particular case of medical networks. Regarding the mechanism dedicated to personal networks, we have proposed the use of a protocol based on out-of-band channel in order to provide certificates to user equipments. We derive bilateral key for personal network’s equipments of the same site and between equipments at remote sites. Concerning the particular case of medical networks, we proposed to cover their deployment phases and their operational phases. This proposal was submitted to the IEEE 802.15.6 working group that conducts research for the standardization of medical networks […]

Usurpation d'identité

Fournisseurs de services Internet

Protocoles de routage

DNSSEC

Mécanismes d'appairage

Cryptographie

Hotspots

Canaux hors bande

Identity theft

ISP

Routing protocols

DNSSEC

Peering mechanisms

Cryptography

Hotspots

Out-of-band channels

Connectionless Approach: A Localized Scheme To Mobile Ad Hoc Networks

Ho, Yao

01 January 2009

According to a Gartner Group (www.gartner.com) report in September 2008, the worldwide telecommunications market is on pace to reach $2 trillion in 2008. Gartner predicts that by 2012, the ratio of mobile to fixed connections will exceed 4-to-1. The North American mobile data market grew to 141.1 million connections in 2007, with a compound annual growth rate of 41.7 percent. It is believed that a large portion will be ad hoc and multi-hop connections, which will open many opportunities for Mobile Ad hoc NETwork (MANET) applications and Wireless Mesh Network (WMN) applications. A MANET is a self-organizing multi-hop wireless network where all nodes participate in the routing and data forwarding process. Such a network can be easily deployed in situations where no base station is available, and a network must be build spontaneously. In applications such as battlefield communications, national crises, disaster recovery, and sensor deployment, a wired network is not available and ad hoc networks provide the only feasible means of communications and information access. Ad hoc networks have also become commonplace for gaming, conferencing, electronic classrooms, and particularly vehicle-to-vehicle communications. A Wireless mash network (WMN) is collection of mesh clients and mesh nodes (routers), with mesh nodes forming the backbone of the network and providing connection to the Internet and other network. Their rapid deployment and ease of maintenance are suitable for on-demand network such as disaster recovery, homeland security, convention centers, hard-to-wire buildings and unfriendly terrains. One important problem with MANET is the routing protocol that needs to work well not just with a small network, but also sustain efficiency and scalability as the network gets expanded and the application transmits data in greater volume. In such an environment, mobility, channel error, and congestion are the main causes for packet loss. Due to mobility of mobile hosts, addressing frequent and unpredictable topology changes is fundamental to MANET research. Two general approaches have been considered: connection-oriented approach and connectionless-oriented approach. In the former, the emphasis is on how to reconnect quickly with low overhead when a broken link occurs. Examples of this approach includes includes [5], [9], [10], [16], [26], [28], [29], [34], [44], and [45]. In contrast, connectionless-oriented approach focuses on minimizing the occurrence of broken links. We proposed one such scheme called Connectionless Approach (CLA) and . In CLA, the network area is divided into non-overlapping grid cells, each serving as a virtual router. Any physical router (i.e., mobile host), currently inside a virtual router, can help forward the data packet to the next virtual router along the virtual link. This process is repeated until the packet reaches its final destination. Since a virtual link is based on virtual routers which do not move, it is much more robust than physical links used in the connection-oriented techniques. Simulation results in our previous works and , based on GloMoSim , indicate that CLA performs significantly better than connection-oriented techniques (i.e., AODV, DSR, LAR, GRID, TMNR, and GPSR). The contribution of this work consists of investigating and developing new Connectionless-Oriented Approach for Mobile Ad Hoc Network. Two of the greatest impacts of this research are as follows. First, the new approach is targeted towards robustly support high mobility and large scale environment which has been adapted for vehicle-to-vehicle environment in . Second, the detailed simulations which compare eight representative routing protocols, namely AODV, DSR, LAR, GRID, TMNR, GPSR, CBF, and CLA, under high-mobility environments. As many important emergent applications of the technology involved high-mobility nodes, very little is known about the existing routing methods perform relative to each other in high-mobility environments. The simulation results provide insight into ad hoc routing protocols and offer guidelines for mobile ad hoc network applications. Next, we enhanced and extend the connectionless-oriented approach. The current connectionless-oriented approach, however, may suffer from packet drops since traffic congestion is not considered in the packet forwarding policy. We address this weakness by considering the connectionless-oriented approach with a collision avoidance routing technique. After that, we investigate techniques to enforce collaboration among mobile devices in supporting the virtual router functionality. Many works have been published to combat such problem - misbehaving nodes are detected and a routing algorithm is employed to avoid and penalize misbehaving nodes. These techniques, however, cannot be applied to the connectionless-oriented approach since any node in the general direction towards the destination node can potentially help forward the data packets. To address the security and cooperation issues for connectionless-oriented approach, we introduce a cooperation enforcement technique called 3CE (3-Counter Enforcement). In addition, wireless mesh networks have become increasingly popular in recent years. Wireless mash network (WMNs) are collection of mesh clients and mesh nodes (routers), with mesh nodes forming the backbone of the network and providing connection to the Internet and other network. We propose a paradigm that combines virtual routers and mesh nodes to create a hybrid network call VR-Mesh Network. This hybrid network can reduce number of mesh node needed without decrease the performance of the network.

Mobile Ad Hoc Network

Mesh Network

Vehicular Network

Routing Protocols

Connectionless Approach

Virtual Router

Communication Connection

Route Diversion

Cooperation Enforcement

Computer Sciences

Engineering

INTEGRATED ARCHITECTURE AND ROUTING PROTOCOLS FOR HETEROGENEOUS WIRELESS NETWORKS

CAVALCANTI, DAVE ALBERTO TAVARES

03 April 2006

No description available.

Computer Science

Heterogeneous Wireless Networks.

network selection

always best connectivity

Σχεδιασμός, υλοποίηση και πειραματική αξιολόγηση αποδοτικών αλγορίθμων για κινητά δίκτυα αισθητήρων

Πατρούμπα, Δήμητρα

09 December 2013

Τα Δίκτυα Αισθητήρων αποτελούνται από ένα μεγάλο αριθμό μικρών αυτόνομων συσκευών, που αλληλεπιδρούν με το άμεσο περιβάλλον τους μέσω αισθητήρων, συλλέγουν δεδομένα και τα προωθούν προς ένας σταθερό, συνήθως, κέντρο ελέγχου, με αναμεταδόσεις στους ενδιάμεσους κόμβους. Η διαδικασία αυτή έχει ως αποτέλεσμα τη μεγάλη κατανάλωση ενέργειας στις συσκευές, ιδιαίτερα σε αυτές που βρίσκονται κοντά στο κέντρο ελέγχου, αφού πρέπει να αναμεταδίδουν και τα δεδομένα που φτάνουν από το υπόλοιπο δίκτυο προς το κέντρο ελέγχου. Για την επίτευξη μιας πιο ισορροπημένης και αποδοτικής διαδικασίας συλλογής δεδομένων, τα τελευταία χρόνια έχει υιοθετηθεί μια νέα προσέγγιση, όπου το κέντρο ελέγχου είναι κινητό. Η βασική ιδέα είναι ότι το κέντρο ελέγχου διαθέτει σημαντικά και εύκολα ανανεώσιμα αποθέματα ενέργειας, επομένως μπορεί να κινείται στην περιοχή όπου έχει αναπτυχθεί το δίκτυο αισθητήρων, αναλαμβάνοντας να συλλέξει τα δεδομένα από τους κόμβους με πολύ μικρό κόστος. Ωστόσο, η μετάδοση των δεδομένων μπορεί να παρουσιάζει σημαντικές καθυστερήσεις. Συλλογή δεδομένων με προσαρμοστικούς χρόνους αναμονής: Στην παρούσα διατριβή αναπτύχθηκαν πρωτόκολλα ελέγχου της κίνησης ενός κέντρου ελέγχου σε δίκτυο αισθητήρων με ανομοιογενή ανάπτυξη των κόμβων αισθητήρων, με στόχο την αποδοτική, ως προς την ενέργεια και τον χρόνο παράδοσης, συλλογή των δεδομένων. Πιο συγκεκριμένα, αρχικά παρουσιάζεται ένα πρωτόκολλο με βάση το οποίο το κέντρο ελέγχου διαιρεί νοητά το δίκτυο σε περιοχές τις οποίες και επισκέπτεται διαδοχικά, σταματώντας σε κάθε περιοχή για ένα συγκεκριμένο χρονικό διάστημα, ώστε να συλλέξει τα δεδομένα. Προτείνουμε δύο τρόπους κίνησης του κέντρου ελέγχου, ντετερμινιστικό και τυχαίο. Στην τυχαία κίνηση, η επιλογή της επόμενης περιοχής την οποία θα επισκεφτεί το κέντρο ελέγχου γίνεται με τυχαίο τρόπο, εισάγοντας όμως ένα όρο μεροληψίας, έτσι ώστε να προτιμούνται περιοχές που έχουν δεχτεί λιγότερες επισκέψεις. Επιπλέον η μέθοδός μας αποφασίζει το χρόνο παύσης σε κάθε περιοχή λαμβάνοντας υπόψιν κάποιες βασικές παραμέτρους του δικτύου, όπως τα αρχικά αποθέματα ενέργειας των κόμβων αισθητήρων και την πυκνότητα της κάθε περιοχής, έτσι ώστε να παραμένει περισσότερο χρόνο σε περιοχές με μεγαλύτερη πυκνότητα, άρα και μεγαλύτερη ποσότητα πληροφορίας. Με τον τρόπο αυτό επιτυγχάνεται η γρήγορη κάλυψη όλου του δικτύου, καθώς επίσης και η δίκαιη εξυπηρέτηση των επιμέρους περιοχών του δικτύου. Προσαρμοστικοί τυχαίοι περίπατοι Στη συνέχεια, μελετάται η χρήση τυχαίων περιπάτων κατά την κίνηση του κέντρου ελέγχου σε δίκτυα αισθητήρων με στόχο την επίτευξη ενός ικανοποιητικού σημείου ισορροπίας μεταξύ κατανάλωσης ενέργειας και καθυστέρησης στην παράδοση των μηνυμάτων. Για την ικανοποίηση του στόχου αυτού, προτείνουμε τρεις νέους τυχαίους περιπάτους, τους α) Τυχαίος Περίπατος με Αδράνεια, κατά τον οποίο το κινούμενο αντικείμενο τείνει να διατηρεί την ίδια κατεύθυνση στην κίνησή του όσο ανακαλύπτει κόμβους αισθητήρων που δεν έχει επισκεφτεί και αλλάζει την κατεύθυνσή του όταν φτάνει σε κόμβους που έχει ξαναεπισκεφτεί, β) Explore-and-Go, κατά τον οποίο το κινούμενο αντικείμενο τείνει να εκτελεί μια Brownian κίνηση γύρω από την περιοχή του όσο υπάρχουν κόμβοι που δεν έχουν δεχτεί επίσκεψη, γ) Curly Random Walk, όπου το κινούμενο αντικείμενο διαπερνάει όλη την περιοχή του δικτύου ξεκινώντας από το κέντρο και επεκτείνοντας την κίνησή του με συνεχόμενες κυκλικές κινήσεις προς τα έξω. Για την εφαρμογή των τυχαίων περιπάτων χρησιμοποιούμε ένα νοητό πλέγμα ώστε να καλύπτουμε την περιοχή του δικτύου αισθητήρων• οι περίπατοι κινούνται πάνω στους κόμβους του πλέγματος. Αν και στις περισσότερες περιπτώσεις οι τυχαίοι περίπατοι μελετώνται σε Gn,p και Grid γράφους, τα δίκτυα αισθητήρων μοντελοποιούνται με μεγαλύτερη ακρίβεια χρησιμοποιώντας το μοντέλο των Random Geometric Graphs (RGG), εφόσον έτσι αναπαρίσταται καλύτερα η χωρική εγγύτητα του δικτύου. Οι παραπάνω τυχαίοι περίπατοι δεν δίνουν τα επιθυμητά αποτελέσματα όταν τρέχουν σε RGG. Έτσι οδηγηθήκαμε στο σχεδιασμό ενός νέου τυχαίου περιπάτου, του γ-Stretched Random Walk, η βασική ιδέα του οποίου είναι να μεροληπτεί υπέρ της επίσκεψης των πιο μακρινών γειτόνων του τρέχοντος κόμβου έτσι ώστε να μειώσει στο ελάχιστο τις επικαλύψεις στις επισκέψεις. Αλγόριθμοι που λαμβάνουν υπόψιν την ηλεκτρομαγνητική ακτινοβολία στο δίκτυο: Εκτός από τη μελέτη της κίνησης του κέντρου ελέγχου σε δίκτυα αισθητήρων, στη διατριβή αυτή παρουσιάζεται μια πρώτη προσπάθεια μελέτης θεμάτων σχετικά με την επίγνωση της εκπομπή ακτινοβολίας σε περιβάλλοντα όπου λειτουργούν πολλαπλά ετερογενή ασύρματα δίκτυα. Ως ακτινοβολία σε ένα σημείου του τρισδιάστατου χώρου καλούμε τη συνολική ποσότητητα ηλεκτρομαγνητικής ακτινοβολίας που δέχεται το σημείο αυτό. Έτσι, καταρχάς μελετάμε σε αναλυτικό επίπεδο την ακτινοβολία σε διάφορες γνωστές τοπολογίες (τυχαίες, πλέγματα) και κατόπιν επικεντρώνουμε το ενδιαφέρον μας στην εύρεση ενός μονοπατιού ελάχιστης ακτινοβολίας το οποίο ακολουθείται από κάποιο άτομο που κινείται στην περιοχή που καλύπτεται από ένα ασύρματο δίκτυο αισθητήρων. Προτείνουμε τρεις ευρετικές μεθόδους για την εύρεση του μονοπατιού καθώς το άτομο κινείται, ενώ υπολογίζουμε και την οffline λύση χρησιμοποιώντας τον αλγόριθμο ελάχιστου μονοπατιού. Κατόπιν, εξετάζουμε το θεμελιώδες πρόβλημα της διάδοσης των δεδομένων σε ασύρματα δίκτυα αισθητήρων, προσπαθώντας τόσο να παραμείνει γρήγορη η διαδικασία παράδοσης των μηνυμάτων, παράλληλα όμως και η συνολική ηλεκτρομαγνητική ακτινοβολία που παράγεται από τις συνεχείς ασύρματες μεταδόσεις να διατηρηθεί σε χαμηλά επίπεδα. Αυτό επιτυγχάνεται αρχικά χρησιμοποιώντας κάποιες άπληστες ευρετικές μεθόδους που όμως λαμβάνουν υπόψιν την ακτινοβολία. Επιπλέον, οι μέθοδοι αυτοί συνδυάζονται με μεθόδους που πραγματοποιούν back-off στο χρόνο, χρησιμοποιώντας τοπικές ιδιότητες του δικτύου (όπως ο αριθμός γειτόνων, η απόσταση από το κέντρο ελέγχου), έτσι ώστε «απλωθεί» κατά κάποιο τρόπο η ακτινοβολία τόσο ως προς το χρόνο αλλά και ως προς το χώρο. Τα προτεινόμενα πρωτόκολλα αξιολογήθηκαν πειραματικά μέσω προσομοίωσης, χρησιμοποιώντας ποικίλες τιμές για βασικές παραμέτρους του δικτύου και σύγκρινοντάς τα με σχετικές υπάρχουσες ευρέως αποδεκτές μεθόδους. Συστημικές Εφαρμογές: Τέλος, στη διατριβή παρουσιάζονται κάποιες συστημικές εφαρμογές ασύρματων δικτύων αισθητήρων σε κτίρια. Συγκεκριμένα, η πρώτη εφαρμογή αναλαμβάνει σε περίπτωση ανίχνευσης φωτιάς, την εύρεση του ελάχιστου μονοπατιού μακριά από το σημείο όπου έγινε η ανίχνευση. Επιπλέον, παρέχει καθοδήγηση στους ενοίκους του κτιρίου (οι οποίοι μοντελοποιούνται από ένα κινούμενο ρομπότ) έτσι ώστε να εγκαταλείψουν με ασφάλεια το κτίριο. Η επόμενη εφαρμογή παρουσιάζει τη δυνατότητα της απρόσκοπτης διασύνδεσης αυτοματισμών έξυπνων κτιρίων, αποτελούμενων από ενσωματωμένα συστήματα, στο διαδίκτυο και την αφαιρετικοποίησή τους ως απλά web services. Η προσέγγιση αυτή έχει στόχο την δημιουργία ενός ευέλικτου, εύκολα κλιμακώσιμου συστήματος που είναι προσβάσιμο και ελεγχόμενο απομακρυσμένα. Η προσέγγιση που ακολουθήθηκε και παρουσιάζεται στην παρούσα διατριβή περιλαμβάνει την ανάπτυξη ενός αριθμού αισθητήρων μέσα σε ένα κτίριο, οι οποίοι αποκτούν IPv6 διεύθυνση ώστε να είναι προσβάσιμοι διαδικτυακά, ενώ παράλληλα διασυνδέονται με ηλεκτρικές συσκευές του κτιρίου για σχηματισμό αυτοματισμών. Τέλος αναπτύχθηκε μία web εφαρμογή για απομακρυσμένη διαχείριση του δικτύου και του κτιρίου γενικότερα. / Wireless Sensor Networks consist of a large number of small, autonomous devices, that are able to interact with their environment by sensing and collaborate to fulfill their tasks, as, usually, a single node is incapable of doing so; and they use wireless communication to enable this collaboration. The collected data is disseminated to a static control point – data sink in the network, using node to node - multi-hop data propagation. However, sensor devices consume significant amounts of energy in addition to increased implementation complexity, since a routing protocol is executed. Also, a point of failure emerges in the area near the control center where nodes relay the data from nodes that are farther away. Recently, a new approach has been developed that shifts the burden from the sensor nodes to the sink. The main idea is that the sink has significant and easily replenishable energy reserves and can move inside the area the sensor network is deployed, in order to acquire the data collected by the sensor nodes at very low energy cost. However, the need to visit all the regions of the network may result in large delivery delays. Data collection with biased stop times: In this work we have developed protocols that control the movement of the sink in wireless sensor networks with non-uniform deployment of the sensor nodes, in order to succeed an efficient (with respect to both energy and latency) data collection. More specifically, we first propose a protocol, where the sink partitions the network area in equal square regions and then performs a network traversal by visiting each area sequentially. Also, it pauses in each area for a certain amount of time, in order to collect the data. Two network traversal methods are proposed, a deterministic and a random one. When the sink moves in a random manner, the selection of the next area to visit is done in a biased random manner depending on the frequency of visits of its neighbor areas. Thus, less frequently visited areas are favored. Moreover, our method locally determines the stop time needed to serve each region with respect to some global network resources, such as the initial energy reserves of the nodes and the density of the region, stopping for a greater time interval at regions with higher density, and hence more traffic load. In this way, we achieve accelerated coverage of the network as well as fairness in the service time of each region. Besides randomized mobility, we also propose an optimized deterministic trajectory without visit overlaps, including direct (one-hop) sensor-to-sink data transmissions only. Adaptive random walks: Afterwards, in order to achieve satisfactory energy-latency trade-offs the use of random walks for the sink' s motion pattern is studied. Towards this direction three new random walks evaluated on a grid overlaying the wireless sensor network are proposed. The first one is the Random Walk with Inertia where the sink tends to keep the same direction as long as it discovers new nodes, while changing direction when it encounters already visited ones. The second one is the Explore-and-Go Random Walk, where as long as there are undiscovered nodes on the nearby sub-regions of the network it tends to make a Brownian-like motion until all this area is covered. When no new sensors are discovered, it performs a more or less straight-line walk in order to move to a different, possibly unvisited area. The last one is the Curly Random Walk where the sink traverses the network area beginning from the center and expanding its traversal to the entire network area with consecutive circular-like moves. In random walk studies the Gn,p and Grid graph models are well established. However, wireless sensor networks are more accurately modeled via Random Geometric Graphs (RGG), as RGG better capture certain characteristics of WSN's such as link existence dependencies of neighbouring nodes due to geometric proximity. The above mentioned random walks do not behave well on this particular graph model, thus a new random walk was defined, the so called γ-stretched random walk. Its basic idea is to favour visiting distant neighbours of the current node towards reducing node overlap. Radiation-aware algorithms: Except for the issue of mobility in wireless sensor networks, in this work we also attempt (probably for the first time from a distributed networking perspective) to investigate the aspect of electromagnetic radiation in modern and future heterogeneous wireless networks. We call “radiation” at a target elementary surface the total amount of electromagnetic quantity (in terms of energy or power density) it is exposed to. Thus, we first evaluate, both mathematically and by simulation, the radiation in well known sensor network topologies (random, grid) and then focus on the minimum radiation path problem of finding low radiation trajectories for a person moving in a sensor network. We propose three online heuristics and then we identify the (offline) optimum path given by the shortest paths' algorithm. Afterwards, we focus on the fundamental problem of efficient data propagation in wireless sensor networks, trying to keep latency low while maintaining at low levels the radiation cumulated by wireless transmissions. We first propose greedy and oblivious routing heuristics that are radiation aware. We then combine them with temporal back-off schemes that use local properties of the network (e.g. number of neighbours, distance from sink) in order to “spread” radiation in a spatio-temporal way. Al the proposed protocols were evaluated via simulation, in diverse network settings and comparatively to related state of the art solutions. Systems and applications: Finally, in this work we present two applications of wireless sensor networks in buildings. More specifically, the first application, in the event of a fire inside a monitored building, uses the information from the deployed sensor network in order to find the shortest safest path away from the emergency and provides navigation guidance to the occupants (modelled by a mobile robot), in order to safely evacuate the building. The second application addresses networked embedded systems enabling the seamless interconnection of smart building automations to the Internet and their abstractions as web services, using the latest technologies based on IPv6, such as 6LOWPAN, COAP and RESTLess Architecture.

Συστημικές εφαρμογές

Τυχαίοι περίπατοι

004.62

Wireless sensor networks

Data routing protocols

Energy saving

Experimental evaluation

Applications

Random walks

Radiation awareness

Implementace alternativních metrik v protocolu AODV / Implementation of alternative metric in AODV protocol

Dajčár, Matej

January 2011

There is a lot of alternative routing protocols used in wireless communications. One of these protocols is Ad Hoc On-Demand Distance Vector routing protocol (AODV). This protocol is used in the mobile ad-hoc networks which are self-configuring networks consisting of the independent mobile devices where each one of these devices acts as a router and forwards traffic from other devices. AODV protocol uses hop count as a routing metric, but in the many cases this metric is not optimal in the wireless networks. The goal of this thesis is to propose the alternative criteria which can be used to select best routes. An integral part of this thesis is the experimental implementations of suggested metrics which will be simulated and evaluated in the selected simulation tool. The conclusion of the thesis analyses results obtained from the simulations of the individual suggested versions.

Implementations Of The DTM, DADCQ And SLAB VANET Broadcast Protocols For The Ns-3 Simulator

Unknown Date

This work presents the implementations of three adaptive broadcast protocols for vehicular ad hoc networks (VANET) using the Network Simulator 3 (Ns-3). Performing real life tests for VANET protocols is very costly and risky, so simulation becomes a viable alternative technique. Ns-3 is one of the most advanced open source network simulators. Yet Ns-3 lacks implementations of broadcast protocols for VANET. We first implement the Distance to Mean (DTM) protocol, which uses the distance to mean to determine if a node should rebroadcast or not. We then implement the Distribution-Adaptive Distance with Channel Quality (DADCQ) protocol, which uses node distribution, channel quality and distance to determine if a node should favor rebroadcasting. The third protocol, Statistical Location-Assisted Broadcast protocol (SLAB), is an improvement of DADCQ which automates the threshold function design using machine learning. Our NS-3 implementations of the three protocols have been validated against their JiST/SWANS implementations. / Includes bibliography. / Thesis (M.S.)--Florida Atlantic University, 2016. / FAU Electronic Theses and Dissertations Collection

Mobile computing.

Adaptive Routing Protocols for VANET

Unknown Date

A Vehicular Ad-hoc Network (VANET) is a wireless ad-hoc network that provides communications among vehicles with on-board units and between vehicles and nearby roadside units. The success of a VANET relies on the ability of a routing protocol to ful ll the throughput and delivery requirements of any applications operating on the network. Currently, most of the proposed VANET routing protocols focus on urban or highway environments. This dissertation addresses the need for an adaptive routing protocol in VANETs which is able to tolerate low and high-density network tra c with little throughput and delay variation. This dissertation proposes three Geographic Ad-hoc On-Demand Distance Vector (GEOADV) protocols. These three GEOADV routing protocols are designed to address the lack of exibility and adaptability in current VANET routing protocols. The rst protocol, GEOADV, is a hybrid geographic routing protocol. The second protocol, GEOADV-P, enhances GEOADV by introducing predictive features. The third protocol, GEOADV-PF improves optimal route selection by utilizing fuzzy logic in addition to GEOADV-P's predictive capabilities. To prove that GEOADV and GEOADV-P are adaptive their performance is demonstrated by both urban and highway simulations. When compared to existing routing protocols, GEOADV and GEOADV-P lead to less average delay and a higher average delivery ratio in various scenarios. These advantages allow GEOADV- P to outperform other routing protocols in low-density networks and prove itself to be an adaptive routing protocol in a VANET environment. GEOADV-PF is introduced to improve GEOADV and GEOADV-P performance in sparser networks. The introduction of fuzzy systems can help with the intrinsic demands for exibility and adaptability necessary for VANETs. An investigation into the impact adaptive beaconing has on the GEOADV protocol is conducted. GEOADV enhanced with an adaptive beacon method is compared against GEOADV with three xed beacon rates. Our simulation results show that the adaptive beaconing scheme is able to reduce routing overhead, increase the average delivery ratio, and decrease the average delay. / Includes bibliography. / Dissertation (Ph.D.)--Florida Atlantic University, 2017. / FAU Electronic Theses and Dissertations Collection

Wireless sensor networks.

Computer algorithms.

Mobile computing.

Distributed discovery and management of alternate internet paths with enhanced quality of service

Rakotoarivelo, Thierry, Electrical Engineering & Telecommunications, Faculty of Engineering, UNSW

January 2006

The convergence of recent technology advances opens the way to new ubiquitous environments, where network-enabled devices collectively form invisible pervasive computing and networking environments around the users. These users increasingly require extensive applications and capabilities from these devices. Recent approaches propose that cooperating service providers, at the edge of the network, offer these required capabilities (i.e services), instead of having them directly provided by the devices. Thus, the network evolves from a plain communication medium into an endless source of services. Such a service, namely an overlay application, is composed of multiple distributed application elements, which cooperate via a dynamic communication mesh, namely an overlay association. The Quality of Service (QoS) perceived by the users of an overlay application greatly depends on the QoS on the communication paths of the corresponding overlay association. This thesis asserts and shows that it is possible to provide QoS to an overlay application by using alternate Internet paths resulting from the compositions of independent consecutive paths. Moreover, this thesis also demonstrates that it is possible to discover, select and compose these independent paths in a distributed manner within an community comprising a limited large number of autonomous cooperating peers, such as the fore-mentioned service providers. Thus, the main contributions of this thesis are i) a comprehensive description and QoS characteristic analysis of these composite alternate paths, and ii) an original architecture, termed SPAD (Super-Peer based Alternate path Discovery), which allows the discovery and selection of these alternate paths in a distributed manner. SPAD is a fully distributed system with no single point of failure, which can be easily and incrementally deployed on the current Internet. It empowers the end-users at the edge of the network, allowing them to directly discover and utilize alternate paths.

Network performance (Telecommunication)

Computer networks -- Quality control.

Routing (Computer network management)

Lifenet: a flexible ad hoc networking solution for transient environments

Mehendale, Hrushikesh Sanjay

18 November 2011

In the wake of major disasters, the failure of existing communications infrastructure and the subsequent lack of an effective communication solution results in increased risks, inefficiencies, damage and casualties. Currently available options such as satellite communication are expensive and have limited functionality. A robust communication solution should be affordable, easy to deploy, require little infrastructure, consume little power and facilitate Internet access. Researchers have long proposed the use of ad hoc wireless networks for such scenarios. However such networks have so far failed to create any impact, primarily because they are unable to handle network transience and have usability constraints such as static topologies and dependence on specific platforms. LifeNet is a WiFi-based ad hoc data communication solution designed for use in highly transient environments. After presenting the motivation, design principles and key insights from prior literature, the dissertation introduces a new routing metric called Reachability and a new routing protocol based on it, called Flexible Routing. Roughly speaking, reachability measures the end-to-end multi-path probability that a packet transmitted by a source reaches its final destination. Using experimental results, it is shown that even with high transience, the reachability metric - (1) accurately captures the effects of transience (2) provides a compact and eventually consistent global network view at individual nodes, (3) is easy to calculate and maintain and (4) captures availability. Flexible Routing trades throughput for availability and fault-tolerance and ensures successful packet delivery under varying degrees of transience. With the intent of deploying LifeNet on field we have been continuously interacting with field partners, one of which is Tata Institute of Social Sciences India. We have refined LifeNet iteratively refined base on their feedback. I conclude the thesis with lessons learned from our field trips so far and deployment plans for the near future.

Ad hoc routing

Network protocol architecture

Network protocol design

Networking

WiFi

Reliable routing

MANETs

Ad hoc networks (Computer networks)

Computer networks

Computer science

Routing (Computer network management)

Intrusion Identification For Mobile Ad Hoc Networks

Sahoo, Chandramani

03 1900

A Mobile Ad Hoc Network (MANETs) is a collection of wireless hosts that can be rapidly deployed as a multi hop packet radio network without the aid of any established infrastructure or centralized administration. Such networks can be used to enable next generation of battlefield applications envisioned by the military, including situation awareness systems for maneuvering war fighters, and remotely deployed unmanned microsensor networks. Ad Hoc networks can also provide solutions for civilian applications such as disaster recovery and message exchanges among safety and security personnel involved in rescue missions. Existing solutions for wired network Intrusion Detection Systems (IDSs) do not suit wireless Ad Hoc networks. To utilize either misuse detection or anomaly detection to monitor any possible compromises, the IDS must be able to distinguish normal from anomaly activities. To enable intrusion detection in wireless Ad Hoc networks, the research problems are: • How to efficiently collect normal and anomaly patterns of Ad Hoc networks? The lifetime of the hosts is short and Ad Hoc networks do not have traffic concentration points (router, switch). • How to detect anomalies? The loss could be caused by host movement instead of attacks. Unexpectedly long delay could be caused by unreliable channel instead of malicious discard. In this thesis, we have proposed a novel architecture that uses specification based intrusion detection techniques to detect active attacks against the routing protocols of mobile Ad Hoc networks. Our work analyzes some of the vulnerabilities and discuss the attacks against the AODV protocol. Our approach involves the use of an FSM (Finite State Machine) for specifying the AODV routing behavior and the distributed network monitors for detecting the sequence number attack. Our method can detect most of the bad nodes with low false positive rate and the packet delivery ratio can also be increased with high detection rate. For packet dropping attack, we present a distributed technique to detect this attack in wireless Ad Hoc networks. A bad node can forward packets but in fact it fails to do so. In our technique, every node in the network will check the neighboring nodes to detect if any of them fail to forward the packets. Our technique can detect most of the bad nodes with low false positive rate and the packet delivery ratio can also be increased. The proposed solution can be applied to identify multiple malicious nodes cooperating with each other in MANETs and discover secure routes from source to destination by avoiding malicious nodes acting in cooperation. Our technique will detect the sequence number and Packet Dropping attacks in real time within its radio range with no extra overhead. For resource consumption attack, the proposed scheme incurs no extra overhead, as it makes minimal modifications to the existing data structures and functions related to bad listing a node in the existing version of pure AODV. The proposed scheme is more efficient in terms of the resultant routes established, resource reservations, and computational complexity. If multiple malicious nodes collaborate, they in turn will be restricted and isolated by their neighbors, because they monitor and exercise control over forwarding RREQs by nodes. Hence, the scheme successfully prevents Distributed attacks. The proposed scheme shifts the responsibility of monitoring this parameter to the node's neighbor, ensuring compliance of this restriction. This technique solves all of the problems caused due to unnecessary RREQs from a compromised node. Instead of self-control, the control exercised by a node's neighbor results in preventing this attack. Experiments show that the tool provides effective intrusion detection functionality while using only a limited amount of resources. The loop freedom property has been reduced to an invariant on pairs of nodes. Each node decides & transmits its decision to a control center. Robustness to Threats, Robustness to nodes destruction: Loss of Performance (in terms of ratio) is least for Distributed Option and highest for Centralized Option and Robustness to observations deletion. All the proposed schemes were analyzed and tested under different topologies and conditions with varying number of nodes .The proposed algorithms for improving the robustness of the wireless Ad Hoc networks using AODV protocol against Packet Dropping Attack, Sequence Number attack and resource consumption attack have been simulated for an illustrative network of about 30 nodes. Our experiments have shown that the pattern extracted through simulation can be used to detect attacks effectively. The patterns could also be applied to detect similar attacks on other protocols.

Cellular Telephone

Mobile Communication Networks

Intrusion (Communication)

Routing Protocols

Routing (Computer Networks)

Network Security

Wireless Ad Hoc Networks

Mobile Ad Hoc Networks (MANETs)

Intrusion Detection

Ad Hoc On-Demand Distance Vector (AODV)

Intrusion Detection Systems (IDSs)

Intrusion Identification

Communication Engineering