Authentication and Key Exchange in Mobile Ad Hoc Networks

Hoeper, Katrin

09 1900

Over the past decade or so, there has been rapid growth in wireless and mobile applications technologies. More recently, an increasing emphasis has been on the potential of infrastructureless wireless mobile networks that are easy, fast and inexpensive to set up, with the view that such technologies will enable numerous new applications in a wide range of areas. Such networks are commonly referred to as mobile ad hoc networks (MANETs). Exchanging sensitive information over unprotected wireless links with unidentified and untrusted endpoints demand the deployment of security in MANETs. However, lack of infrastructure, mobility and resource constraints of devices, wireless communication links and other unique features of MANETs induce new challenges that make implementing security a very difficult task and require the design of specialized solutions. This thesis is concerned with the design and analysis of security solutions for MANETs. We identify the initial exchange of authentication and key credentials, referred to as pre-authentication, as well as authentication and key exchange as primary security goals. In particular, the problem of pre-authentication has been widely neglected in existing security solutions, even though it is a necessary prerequisite for other security goals. We are the first to classify and analyze different methods of achieving pairwise pre-authentication in MANETs. Out of this investigation, we identify identity-based cryptographic (IBC) schemes as well-suited to secure MANET applications that have no sufficient security solutions at this time. We use pairing-based IBC schemes to design an authentication and key exchange framework that meets the special requirements of MANETs. Our solutions are comprised of algorithms that allow for efficient and secure system set up, pre-authentication, mutual authentication, key establishment, key renewal, key revocation and key escrow prevention. In particular, we present the first fully self-organized key revocation scheme for MANETs that does not require any trusted third party in the network. Our revocation scheme can be used to amend existing IBC solutions, be seamlessly integrated in our security framework and even be adopted to conventional public key solutions for MANETs. Our scheme is based on propagated accusations and once the number of received accusations against a node reaches a defined threshold, the keys of the accused nodes are revoked. All communications are cryptographically protected, but unlike other proposed schemes, do not require computationally demanding digital signatures. Our scheme is the first that efficiently and securely enables nodes to revoke their own keys. Additionally, newly joining nodes can obtain previous accusations without performing computationally demanding operations such as verifying digital signatures. Several security and performance parameters make our scheme adjustable to the hostility of the MANET environment and the degree of resource constraints of network and devices. In our security analysis we show how security parameters can be selected to prevent attacks by colluding nodes and roaming adversaries. In our proposed security framework, we utilize special properties of pairing-based keys to design an efficient and secure method for pairwise pre-authentication and a set of ID-based authenticated key exchange protocols. In addition, we present a format for ID-based public keys that, unlike other proposed formats, allows key renewal before the start of a new expiry interval. Finally, we are the first to discuss the inherent key escrow property of IBC schemes in the context of MANETs. Our analysis shows that some special features of MANETs significantly limit the escrow capabilities of key generation centers (KGCs). We propose a novel concept of spy nodes that can be utilized by KGCs to increase their escrow capabilities and analyze the probabilities of successful escrow attacks with and without spy nodes. In summary, we present a complete authentication and key exchange framework that is tailored for MANET applications that have previously lacked such security solutions. Our solutions can be implemented using any pairing-based IBC scheme. The component design allows for the implementation of single schemes to amend existing solutions that do not provide certain functionalities. The introduction of several security and performance parameters make our solutions adjustable to different levels of resource constraints and security needs. In addition, we present extensions that make our solutions suitable for applications with sporadic infrastructure access as envisioned in the near future.

mobile ad hoc networks

authentication

key exchange

security

key revocation

identity-based cryptography

Electrical and Computer Engineering

Simulation-based Performance Evaluation of MANET Backbone Formation Algorithms

Almahrog, Khalid

January 2007

As a result of the recent advances in the computation and communications industries, wireless communications-enabled computing devices are ubiquitous nowadays. Even though these devices are introduced to satisfy the user’s mobile computing needs, they are still unable to provide for the full mobile computing functionality as they confine the user mobility to be within certain regions in order to benefit from services provided by fixed network access points. Mobile ad hoc networks (MANETs) are introduced as the technology that potentially will make the nowadays illusion of mobile computing a tangible reality. MANETs are created by the mobile computing devices on an ad hoc basis, without any support or administration provided by a fixed or pre-installed communications infrastructure. Along with their appealing autonomy and fast deployment properties, MANETs exhibit some other properties that make their realization a very challenging task. Topology dynamism and bandwidth limitations of the communication channel adversely affect the performance of routing protocols designed for MANETs, especially with the increase in the number of mobile hosts and/or mobility rates. The Connected Dominating Set (CDS), a.k.a. virtual backbone or Spine, is proposed to facilitate routing, broadcasting, and establishing a dynamic infrastructure for distributed location databases. Minimizing the CDS produces a simpler abstracted topology of the MANET and allows for using shorter routes between any pair of hosts. Since it is NP-complete to find the minimum connected dominating set, MCDS, researchers resorted to approximation algorithms and heuristics to tackle this problem. The literature is rich of many CDS approximation algorithms that compete in terms of CDS size, running time, and signaling overhead. It has been reported that localized CDS creation algorithms are the fastest and the lightest in terms of signaling overhead among all other techniques. Examples of these localized CDS algorithms are Wu and Li algorithm and its Stojmenovic variant, the MPR algorithm, and Alzoubi algorithm. The designers of each of these algorithms claim that their algorithm exhibits the highest degree of localization and hence incurs the lowest cost in the CDS creation phase. However, these claims are not supported by any physical or at least simulation-based evidence. Moreover, the cost of maintaining the CDS (in terms of the change in CDS size, running time, and signaling overhead), in the presence of unpredictable and frequent topology changes, is an important factor that has to be taken into account -a cost that is overlooked most of the time. A simulation-based comparative study between the performance of these algorithms will be conducted using the ns2 network simulator. This study will focus on the total costs incurred by these algorithms in terms of CDS size, running time, and signaling overhead generated during the CDS creation and maintenance phases. Moreover, the effects of mobility rates, network size, and mobility models on the performance of each algorithm will be investigated. Conclusions regarding the pros and cons of each algorithm will be drawn, and directions for future research work will be recommended.

Mobile Ad hoc Networks

Backbone foramtion algorithms

Performance Evaluation

Electrical and Computer Engineering

Efficient Cryptographic Algorithms and Protocols for Mobile Ad Hoc Networks

Fan, Xinxin

12 April 2010

As the next evolutionary step in digital communication systems, mobile ad hoc networks (MANETs) and their specialization like wireless sensor networks (WSNs) have been attracting much interest in both research and industry communities. In MANETs, network nodes can come together and form a network without depending on any pre-existing infrastructure and human intervention. Unfortunately, the salient characteristics of MANETs, in particular the absence of infrastructure and the constrained resources of mobile devices, present enormous challenges when designing security mechanisms in this environment. Without necessary measures, wireless communications are easy to be intercepted and activities of users can be easily traced. This thesis presents our solutions for two important aspects of securing MANETs, namely efficient key management protocols and fast implementations of cryptographic primitives on constrained devices. Due to the tight cost and constrained resources of high-volume mobile devices used in MANETs, it is desirable to employ lightweight and specialized cryptographic primitives for many security applications. Motivated by the design of the well-known Enigma machine, we present a novel ultra-lightweight cryptographic algorithm, referred to as Hummingbird, for resource-constrained devices. Hummingbird can provide the designed security with small block size and is resistant to the most common attacks such as linear and differential cryptanalysis. Furthermore, we also present efficient software implementations of Hummingbird on 4-, 8- and 16-bit microcontrollers from Atmel and Texas Instruments as well as efficient hardware implementations on the low-cost field programmable gate arrays (FPGAs) from Xilinx, respectively. Our experimental results show that after a system initialization phase Hummingbird can achieve up to 147 and 4.7 times faster throughput for a size-optimized and a speed-optimized software implementation, respectively, when compared to the state-of-the-art ultra-lightweight block cipher PRESENT on the similar platforms. In addition, the speed optimized Hummingbird encryption core can achieve a throughput of 160.4 Mbps and the area optimized encryption core only occupies 253 slices on a Spartan-3 XC3S200 FPGA device. Bilinear pairings on the Jacobians of (hyper-)elliptic curves have received considerable attention as a building block for constructing cryptographic schemes in MANETs with new and novel properties. Motivated by the work of Scott, we investigate how to use efficiently computable automorphisms to speed up pairing computations on two families of non-supersingular genus 2 hyperelliptic curves over prime fields. Our findings lead to new variants of Miller's algorithm in which the length of the main loop can be up to 4 times shorter than that of the original Miller's algorithm in the best case. We also generalize Chatterjee et al.'s idea of encapsulating the computation of the line function with the group operations to genus 2 hyperelliptic curves, and derive new explicit formulae for the group operations in projective and new coordinates in the context of pairing computations. Efficient software implementation of computing the Tate pairing on both a supersingular and a non-supersingular genus 2 curve with the same embedding degree of k = 4 is investigated. Combining the new algorithm with known optimization techniques, we show that pairing computations on non-supersingular genus 2 curves over prime fields use up to 55.8% fewer field operations and run about 10% faster than supersingular genus 2 curves for the same security level. As an important part of a key management mechanism, efficient key revocation protocol, which revokes the cryptographic keys of malicious nodes and isolates them from the network, is crucial for the security and robustness of MANETs. We propose a novel self-organized key revocation scheme for MANETs based on the Dirichlet multinomial model and identity-based cryptography. Firmly rooted in statistics, our key revocation scheme provides a theoretically sound basis for nodes analyzing and predicting peers' behavior based on their own observations and other nodes' reports. Considering the difference of malicious behaviors, we proposed to classify the nodes' behavior into three categories, namely good behavior, suspicious behavior and malicious behavior. Each node in the network keeps track of three categories of behavior and updates its knowledge about other nodes' behavior with 3-dimension Dirichlet distribution. Based on its own analysis, each node is able to protect itself from malicious attacks by either revoking the keys of the nodes with malicious behavior or ceasing the communication with the nodes showing suspicious behavior for some time. The attack-resistant properties of the resulting scheme against false accusation attacks launched by independent and collusive adversaries are also analyzed through extensive simulations. In WSNs, broadcast authentication is a crucial security mechanism that allows a multitude of legitimate users to join in and disseminate messages into the networks in a dynamic and authenticated way. During the past few years, several public-key based multi-user broadcast authentication schemes have been proposed in the literature to achieve immediate authentication and to address the security vulnerability intrinsic to μTESLA-like schemes. Unfortunately, the relatively slow signature verification in signature-based broadcast authentication has also incurred a series of problems such as high energy consumption and long verification delay. We propose an efficient technique to accelerate the signature verification in WSNs through the cooperation among sensor nodes. By allowing some sensor nodes to release the intermediate computation results to their neighbors during the signature verification, a large number of sensor nodes can accelerate their signature verification process significantly. When applying our faster signature verification technique to the broadcast authentication in a 4×4 grid-based WSN, a quantitative performance analysis shows that our scheme needs 17.7%~34.5% less energy and runs about 50% faster than the traditional signature verification method.

Mobile Ad Hoc Netwoks

Resource-Constrained Devices

Cryptographic Algorithms

Security Protocols

Electrical and Computer Engineering

Authentication and Key Exchange in Mobile Ad Hoc Networks

Hoeper, Katrin

09 1900

Over the past decade or so, there has been rapid growth in wireless and mobile applications technologies. More recently, an increasing emphasis has been on the potential of infrastructureless wireless mobile networks that are easy, fast and inexpensive to set up, with the view that such technologies will enable numerous new applications in a wide range of areas. Such networks are commonly referred to as mobile ad hoc networks (MANETs). Exchanging sensitive information over unprotected wireless links with unidentified and untrusted endpoints demand the deployment of security in MANETs. However, lack of infrastructure, mobility and resource constraints of devices, wireless communication links and other unique features of MANETs induce new challenges that make implementing security a very difficult task and require the design of specialized solutions. This thesis is concerned with the design and analysis of security solutions for MANETs. We identify the initial exchange of authentication and key credentials, referred to as pre-authentication, as well as authentication and key exchange as primary security goals. In particular, the problem of pre-authentication has been widely neglected in existing security solutions, even though it is a necessary prerequisite for other security goals. We are the first to classify and analyze different methods of achieving pairwise pre-authentication in MANETs. Out of this investigation, we identify identity-based cryptographic (IBC) schemes as well-suited to secure MANET applications that have no sufficient security solutions at this time. We use pairing-based IBC schemes to design an authentication and key exchange framework that meets the special requirements of MANETs. Our solutions are comprised of algorithms that allow for efficient and secure system set up, pre-authentication, mutual authentication, key establishment, key renewal, key revocation and key escrow prevention. In particular, we present the first fully self-organized key revocation scheme for MANETs that does not require any trusted third party in the network. Our revocation scheme can be used to amend existing IBC solutions, be seamlessly integrated in our security framework and even be adopted to conventional public key solutions for MANETs. Our scheme is based on propagated accusations and once the number of received accusations against a node reaches a defined threshold, the keys of the accused nodes are revoked. All communications are cryptographically protected, but unlike other proposed schemes, do not require computationally demanding digital signatures. Our scheme is the first that efficiently and securely enables nodes to revoke their own keys. Additionally, newly joining nodes can obtain previous accusations without performing computationally demanding operations such as verifying digital signatures. Several security and performance parameters make our scheme adjustable to the hostility of the MANET environment and the degree of resource constraints of network and devices. In our security analysis we show how security parameters can be selected to prevent attacks by colluding nodes and roaming adversaries. In our proposed security framework, we utilize special properties of pairing-based keys to design an efficient and secure method for pairwise pre-authentication and a set of ID-based authenticated key exchange protocols. In addition, we present a format for ID-based public keys that, unlike other proposed formats, allows key renewal before the start of a new expiry interval. Finally, we are the first to discuss the inherent key escrow property of IBC schemes in the context of MANETs. Our analysis shows that some special features of MANETs significantly limit the escrow capabilities of key generation centers (KGCs). We propose a novel concept of spy nodes that can be utilized by KGCs to increase their escrow capabilities and analyze the probabilities of successful escrow attacks with and without spy nodes. In summary, we present a complete authentication and key exchange framework that is tailored for MANET applications that have previously lacked such security solutions. Our solutions can be implemented using any pairing-based IBC scheme. The component design allows for the implementation of single schemes to amend existing solutions that do not provide certain functionalities. The introduction of several security and performance parameters make our solutions adjustable to different levels of resource constraints and security needs. In addition, we present extensions that make our solutions suitable for applications with sporadic infrastructure access as envisioned in the near future.

mobile ad hoc networks

authentication

key exchange

security

key revocation

identity-based cryptography

Electrical and Computer Engineering

Simulation-based Performance Evaluation of MANET Backbone Formation Algorithms

Almahrog, Khalid

January 2007

As a result of the recent advances in the computation and communications industries, wireless communications-enabled computing devices are ubiquitous nowadays. Even though these devices are introduced to satisfy the user’s mobile computing needs, they are still unable to provide for the full mobile computing functionality as they confine the user mobility to be within certain regions in order to benefit from services provided by fixed network access points. Mobile ad hoc networks (MANETs) are introduced as the technology that potentially will make the nowadays illusion of mobile computing a tangible reality. MANETs are created by the mobile computing devices on an ad hoc basis, without any support or administration provided by a fixed or pre-installed communications infrastructure. Along with their appealing autonomy and fast deployment properties, MANETs exhibit some other properties that make their realization a very challenging task. Topology dynamism and bandwidth limitations of the communication channel adversely affect the performance of routing protocols designed for MANETs, especially with the increase in the number of mobile hosts and/or mobility rates. The Connected Dominating Set (CDS), a.k.a. virtual backbone or Spine, is proposed to facilitate routing, broadcasting, and establishing a dynamic infrastructure for distributed location databases. Minimizing the CDS produces a simpler abstracted topology of the MANET and allows for using shorter routes between any pair of hosts. Since it is NP-complete to find the minimum connected dominating set, MCDS, researchers resorted to approximation algorithms and heuristics to tackle this problem. The literature is rich of many CDS approximation algorithms that compete in terms of CDS size, running time, and signaling overhead. It has been reported that localized CDS creation algorithms are the fastest and the lightest in terms of signaling overhead among all other techniques. Examples of these localized CDS algorithms are Wu and Li algorithm and its Stojmenovic variant, the MPR algorithm, and Alzoubi algorithm. The designers of each of these algorithms claim that their algorithm exhibits the highest degree of localization and hence incurs the lowest cost in the CDS creation phase. However, these claims are not supported by any physical or at least simulation-based evidence. Moreover, the cost of maintaining the CDS (in terms of the change in CDS size, running time, and signaling overhead), in the presence of unpredictable and frequent topology changes, is an important factor that has to be taken into account -a cost that is overlooked most of the time. A simulation-based comparative study between the performance of these algorithms will be conducted using the ns2 network simulator. This study will focus on the total costs incurred by these algorithms in terms of CDS size, running time, and signaling overhead generated during the CDS creation and maintenance phases. Moreover, the effects of mobility rates, network size, and mobility models on the performance of each algorithm will be investigated. Conclusions regarding the pros and cons of each algorithm will be drawn, and directions for future research work will be recommended.

Mobile Ad hoc Networks

Backbone foramtion algorithms

Performance Evaluation

Electrical and Computer Engineering

Efficient Cryptographic Algorithms and Protocols for Mobile Ad Hoc Networks

Fan, Xinxin

12 April 2010

As the next evolutionary step in digital communication systems, mobile ad hoc networks (MANETs) and their specialization like wireless sensor networks (WSNs) have been attracting much interest in both research and industry communities. In MANETs, network nodes can come together and form a network without depending on any pre-existing infrastructure and human intervention. Unfortunately, the salient characteristics of MANETs, in particular the absence of infrastructure and the constrained resources of mobile devices, present enormous challenges when designing security mechanisms in this environment. Without necessary measures, wireless communications are easy to be intercepted and activities of users can be easily traced. This thesis presents our solutions for two important aspects of securing MANETs, namely efficient key management protocols and fast implementations of cryptographic primitives on constrained devices. Due to the tight cost and constrained resources of high-volume mobile devices used in MANETs, it is desirable to employ lightweight and specialized cryptographic primitives for many security applications. Motivated by the design of the well-known Enigma machine, we present a novel ultra-lightweight cryptographic algorithm, referred to as Hummingbird, for resource-constrained devices. Hummingbird can provide the designed security with small block size and is resistant to the most common attacks such as linear and differential cryptanalysis. Furthermore, we also present efficient software implementations of Hummingbird on 4-, 8- and 16-bit microcontrollers from Atmel and Texas Instruments as well as efficient hardware implementations on the low-cost field programmable gate arrays (FPGAs) from Xilinx, respectively. Our experimental results show that after a system initialization phase Hummingbird can achieve up to 147 and 4.7 times faster throughput for a size-optimized and a speed-optimized software implementation, respectively, when compared to the state-of-the-art ultra-lightweight block cipher PRESENT on the similar platforms. In addition, the speed optimized Hummingbird encryption core can achieve a throughput of 160.4 Mbps and the area optimized encryption core only occupies 253 slices on a Spartan-3 XC3S200 FPGA device. Bilinear pairings on the Jacobians of (hyper-)elliptic curves have received considerable attention as a building block for constructing cryptographic schemes in MANETs with new and novel properties. Motivated by the work of Scott, we investigate how to use efficiently computable automorphisms to speed up pairing computations on two families of non-supersingular genus 2 hyperelliptic curves over prime fields. Our findings lead to new variants of Miller's algorithm in which the length of the main loop can be up to 4 times shorter than that of the original Miller's algorithm in the best case. We also generalize Chatterjee et al.'s idea of encapsulating the computation of the line function with the group operations to genus 2 hyperelliptic curves, and derive new explicit formulae for the group operations in projective and new coordinates in the context of pairing computations. Efficient software implementation of computing the Tate pairing on both a supersingular and a non-supersingular genus 2 curve with the same embedding degree of k = 4 is investigated. Combining the new algorithm with known optimization techniques, we show that pairing computations on non-supersingular genus 2 curves over prime fields use up to 55.8% fewer field operations and run about 10% faster than supersingular genus 2 curves for the same security level. As an important part of a key management mechanism, efficient key revocation protocol, which revokes the cryptographic keys of malicious nodes and isolates them from the network, is crucial for the security and robustness of MANETs. We propose a novel self-organized key revocation scheme for MANETs based on the Dirichlet multinomial model and identity-based cryptography. Firmly rooted in statistics, our key revocation scheme provides a theoretically sound basis for nodes analyzing and predicting peers' behavior based on their own observations and other nodes' reports. Considering the difference of malicious behaviors, we proposed to classify the nodes' behavior into three categories, namely good behavior, suspicious behavior and malicious behavior. Each node in the network keeps track of three categories of behavior and updates its knowledge about other nodes' behavior with 3-dimension Dirichlet distribution. Based on its own analysis, each node is able to protect itself from malicious attacks by either revoking the keys of the nodes with malicious behavior or ceasing the communication with the nodes showing suspicious behavior for some time. The attack-resistant properties of the resulting scheme against false accusation attacks launched by independent and collusive adversaries are also analyzed through extensive simulations. In WSNs, broadcast authentication is a crucial security mechanism that allows a multitude of legitimate users to join in and disseminate messages into the networks in a dynamic and authenticated way. During the past few years, several public-key based multi-user broadcast authentication schemes have been proposed in the literature to achieve immediate authentication and to address the security vulnerability intrinsic to μTESLA-like schemes. Unfortunately, the relatively slow signature verification in signature-based broadcast authentication has also incurred a series of problems such as high energy consumption and long verification delay. We propose an efficient technique to accelerate the signature verification in WSNs through the cooperation among sensor nodes. By allowing some sensor nodes to release the intermediate computation results to their neighbors during the signature verification, a large number of sensor nodes can accelerate their signature verification process significantly. When applying our faster signature verification technique to the broadcast authentication in a 4×4 grid-based WSN, a quantitative performance analysis shows that our scheme needs 17.7%~34.5% less energy and runs about 50% faster than the traditional signature verification method.

Mobile Ad Hoc Netwoks

Resource-Constrained Devices

Cryptographic Algorithms

Security Protocols

Electrical and Computer Engineering

Opportunistic Overlays: Efficient Content Delivery in Mobile Environments

Chen, Yuan

13 April 2005

Middleware has become a key enabler for the development of distributed applications. Unfortunately, conventional middleware technologies do not yet offer sufficient functionality to make them suitable for mobile environments. This dissertation proposes a novel middleware approach termed opportunistic overlays and its dynamically reconfigurable support framework for building efficient mobile applications. Specifically, we address the inefficiency of content delivery introduced by node mobility and by dynamically changing system loads, in the context of publish/subscribe systems. In response to changes in physical network topology, in nodes' physical locations, and in network node behaviors, the opportunistic overlay approach dynamically adapts event dissemination structures (i.e., broker overlays) with the goal of optimizing end-to-end delays in event delivery. Adaptation techniques include the dynamic construction of broker overlay networks, runtime changes of mobile clients' assignments to brokers, and dynamic broker load balancing. Essentially, opportunistic overlays implement a middleware-level analogue of the networking routing protocols used in wireless communications (i.e., Mobile IP, AODV, DSR and DSDV). By thus coordinating network- with middleware-level routing, opportunistic overlays can attain substantial performance improvements over non-adaptive event systems. Such improvements are due to their use of shorter network paths and better balancing of loads across event brokers. Opportunistic overlays and the adaptive methods they use are realized by a set of distributed protocols implemented in a Java-based publish/subscribe infrastructure. Comprehensive performance evaluations are performed via simulation, emulation, and with two representative applications on actual networks. Experimental results demonstrate that the opportunistic overlay approach is practically applicable and that the performance advantages attained from the use of opportunistic overlays can be substantial, in both infrastructure-based mobile environments and mobile ad hoc networks.

Mobile ad hoc networks

Adaptive middleware

Communication middleware

Overlay networks

Active middleware

Intrusion Detection and Response Systems for Mobile Ad Hoc Networks

Huang, Yi-an

20 November 2006

A mobile ad hoc network (MANET) consists of a group of autonomous mobile nodes with no infrastructure support. In this research, we develop a distributed intrusion detection and response system for MANET, and we believe it presents a second line of defense that cannot be replaced by prevention schemes. We based our detection framework on the study of attack taxonomy. We then propose a set of detection methods suitable of detecting different attack categories. Our approaches are based on protocol specification analysis with categorical and statistical measures. Node-based approaches may be too restrictive in scenarios where attack patterns cannot be observed by any isolated node. Therefore, we have developed cooperative detection approaches for a more effective detection model. One approach is to form IDS clusters by grouping nearby nodes, and information can be exchanged within clusters. The cluster-based scheme is more efficient in terms of power consumption and resource utilization, it is also proved resilient against common security compromises without changing the decentralized assumption. We further address two response techniques, traceback and filtering. Existing traceback systems are not suitable for MANET because they rely on incompatible assumptions such as trustworthy routers and static route topology. Our solution, instead, adapts to dynamic topology with no infrastructure requirement. Our solution is also resilient in the face of arbitrary number of collaborative adversaries. We also develop smart filtering schemes to maximize the dropping rate of attack packets while minimizing the dropping rate of normal packets with real-time guarantee. To validate our research, we present case study using both ns-2 simulation and MobiEmu emulation platform with three ad hoc routing protocols: AODV, DSR and OLSR. We implemented various representative attacks based on the attack taxonomy. Our experiments show very promising results using node-based and cluster-based approaches.

Data mining

Intrusion detection

Routing security

Mobile ad hoc networks

Network security

An Effective Scheme for Detecting Articulation Points in Zone Routing Protocol

Cheng, Wei-Chung

08 September 2011

Zone Routing Protocol (ZRP) is a typical hybrid routing protocol used in Mobile Ad Hoc Networks (MANETs). Hybrid routing protocols are especially suitable for dynamic environments because they combine the best features of proactive and reactive routing protocols. The Gossip-based Zone Routing Protocol (GZRP) uses a gossip scheme, in which the node forwards a packet to some nodes instead of all nodes to further reduce the control overhead. However, GZRP does not perform well when the network includes articulation points since packets will be lost if an articulation node happens not to forward the packet or nodes happen not to forward packets to the articulation point. To raise the packet delivery ratio, the gossip probability of articulation points must be set to 1 and the packets to be forwarded must be sent to the articulation points in peripheral nodes. Accordingly, how to identify articulation nodes in the network becomes a critical issue. This paper proposes an effective scheme, called articulation point detection (APD), to find the articulation points. Simulation results show that the proposed APD-GZRP (GZRP with articulation point detection) can improve the packet delivery ratio and reduce both the control overhead and power consumption.

zone routing protocol

gossiping

Mobile Ad Hoc Network (MANET)

hybrid routing protocol

articulation point

Performance Enhancement of Gossip-Based Ad Hoc Routing by Using Node Remaining Energy

Chen, Sheng-Chieh

25 October 2012

Broadcasting is a communication model for a node to emit the packets via wireless channels to its neighbor nodes. In mobile ad hoc networks (MANETs), it is commonly implemented through flooding to find routes, send alarm signals and page a particular host. Conventionally, ad hoc routing protocols, such as AODV, use blind flooding extensively for on-demand route discovery, which could result in a high number of redundant retransmissions, leading to serious contention and collisions referred to as the broadcast storm problem. A gossip-based approach, in which each node forwards a message with some probability, has been proposed in past years to alleviate this problem. The approach combines gossiping with AODV (denoted as AODV+G) and exhibits a significant performance improvement in simulations. In this paper, we make a mathematical inference from observing the behavior of the gossip-based approach, and improve the gossip-based approach by employing the remaining energy of nodes in the gossip mechanism (denoted as AODV+GE) to extend the lifetime of the entire network and improve the packet delivery ratio. Through mathematical inference and simulations we show that AODV+GE outperforms AODV+G in terms of the lifetime of the whole network, average node energy consumption, and packet delivery ratio.

Ad hoc On-Demand Distance Vector

node remaining energy

energy-aware

gossiping

Mobile Ad Hoc Network

MANET