Enhancing a network coding security scheme to avoid packet dropping in wireless mesh networks / H.L.H.C. Terblanche.

Terblanche, Heila Levina Helena Catharina

January 2013

With the increase of mobile and smart device usage, the interest in dynamically forming networks is rising. One such type of network isWireless Mesh Networks (WMNs). WMNs are multi-hop networks, with a decentralised nature that can dynamically form into mesh topologies. Network Coding (NC) is a method that is used to increase the efficiency of networks by encoding and decoding data on packet level by means of an XOR operation. NC works well with WMNs because it can exploit WMNs broadcast and opportunistic listening properties. When implementing NC on WMNs the issue of security has to be taken into consideration. Dong et al. identified various security threats for intra-flow NC in WMNs. Intra-flow NC combines packets within individual flows, where the information is divided into different flows called generations, to optimize the decoding process. They identified threats for each component of intra-flow NC for WMNs. These components include forwarding node selection, data packet forwarding and acknowledgement delivery. These threats respectively for each component are wormhole attacks and link quality falsification, packet pollution and packet dropping and acknowledgementdropping, injection and delay. We identified that most security schemes focus on packet pollution attacks in NC, but not on any other threats. Packet dropping is also a major threat in networks that is not addressed. Both packet pollution and packet dropping are threats identified for the data forwarding component of WMNs. The Delayed Authentication with Random Transformations (DART) security scheme addresses packet pollution in intra-flow NC systems. The scheme is based on time asymmetry and checksums. The DART scheme only addresses packet pollution and not any of the other identified threats. The DART scheme was selected to be enhanced to also address packet dropping. To enhance the DART scheme we added additional information to the DART scheme’s checksum packets to detect malicious packet dropping nodes in the network. The information added to the checksum packet took the form of a HealthMatrix, which indicates how many packets a node has received and verified. The new scheme, called the Packet Dropping Detection (PDD) scheme collects the additional information from the checksum packets at the receiver node. The receiver sends the collected information to the source node which then uses the information to identify the malicious nodes in the network. These nodes are then removed from the network. The results show that this new scheme causes a small decrease in throughput – about 2%. The identification of malicious nodes can be used as a diagnostic tool and faulty nodes can be repaired or removed form the network. The advantage to detect malicious packet dropping nodes far outweighs this decrease in throughput. In this dissertation we investigate the effects of packet pollution and packet dropping on NC networks inWMNs. We also enhance an already existing scheme (DART) to add additional packet dropping detection security to it without a great loss in throughput. / Thesis (MIng (Computer and Electronic Engineering))--North-West University, Potchefstroom Campus, 2013.

Network coding

packet dropping

packet pollution

security

wireless mesh networks

Enhancing a network coding security scheme to avoid packet dropping in wireless mesh networks / H.L.H.C. Terblanche.

Terblanche, Heila Levina Helena Catharina

January 2013

With the increase of mobile and smart device usage, the interest in dynamically forming networks is rising. One such type of network isWireless Mesh Networks (WMNs). WMNs are multi-hop networks, with a decentralised nature that can dynamically form into mesh topologies. Network Coding (NC) is a method that is used to increase the efficiency of networks by encoding and decoding data on packet level by means of an XOR operation. NC works well with WMNs because it can exploit WMNs broadcast and opportunistic listening properties. When implementing NC on WMNs the issue of security has to be taken into consideration. Dong et al. identified various security threats for intra-flow NC in WMNs. Intra-flow NC combines packets within individual flows, where the information is divided into different flows called generations, to optimize the decoding process. They identified threats for each component of intra-flow NC for WMNs. These components include forwarding node selection, data packet forwarding and acknowledgement delivery. These threats respectively for each component are wormhole attacks and link quality falsification, packet pollution and packet dropping and acknowledgementdropping, injection and delay. We identified that most security schemes focus on packet pollution attacks in NC, but not on any other threats. Packet dropping is also a major threat in networks that is not addressed. Both packet pollution and packet dropping are threats identified for the data forwarding component of WMNs. The Delayed Authentication with Random Transformations (DART) security scheme addresses packet pollution in intra-flow NC systems. The scheme is based on time asymmetry and checksums. The DART scheme only addresses packet pollution and not any of the other identified threats. The DART scheme was selected to be enhanced to also address packet dropping. To enhance the DART scheme we added additional information to the DART scheme’s checksum packets to detect malicious packet dropping nodes in the network. The information added to the checksum packet took the form of a HealthMatrix, which indicates how many packets a node has received and verified. The new scheme, called the Packet Dropping Detection (PDD) scheme collects the additional information from the checksum packets at the receiver node. The receiver sends the collected information to the source node which then uses the information to identify the malicious nodes in the network. These nodes are then removed from the network. The results show that this new scheme causes a small decrease in throughput – about 2%. The identification of malicious nodes can be used as a diagnostic tool and faulty nodes can be repaired or removed form the network. The advantage to detect malicious packet dropping nodes far outweighs this decrease in throughput. In this dissertation we investigate the effects of packet pollution and packet dropping on NC networks inWMNs. We also enhance an already existing scheme (DART) to add additional packet dropping detection security to it without a great loss in throughput. / Thesis (MIng (Computer and Electronic Engineering))--North-West University, Potchefstroom Campus, 2013.

Network coding

packet dropping

packet pollution

security

wireless mesh networks

Entropy maximisation and queues with or without balking : an investigation into the impact of generalised maximum entropy solutions on the study of queues with or without arrival balking and their applications to congestion management in communication networks

Shah, Neelkamal Paresh

January 2014

An investigation into the impact of generalised maximum entropy solutions on the study of queues with or without arrival balking and their applications to congestion management in communication networks Keywords: Queues, Balking, Maximum Entropy (ME) Principle, Global Balance (GB), Queue Length Distribution (QLD), Generalised Geometric (GGeo), Generalised Exponential (GE), Generalised Discrete Half Normal (GdHN), Congestion Management, Packet Dropping Policy (PDP) Generalisations to links between discrete least biased (i.e. maximum entropy (ME)) distribution inferences and Markov chains are conjectured towards the performance modelling, analysis and prediction of general, single server queues with or without arrival balking. New ME solutions, namely the generalised discrete Half Normal (GdHN) and truncated GdHN (GdHNT) distributions are characterised, subject to appropriate mean value constraints, for inferences of stationary discrete state probability distributions. Moreover, a closed form global balance (GB) solution is derived for the queue length distribution (QLD) of the M/GE/1/K queue subject to extended Morse balking, characterised by a Poisson prospective arrival process, i.i.d. generalised exponential (GE) service times and finite capacity, K. In this context, based on comprehensive numerical experimentation, the latter GB solution is conjectured to be a special case of the GdHNT ME distribution. ii Owing to the appropriate operational properties of the M/GE/1/K queue subject to extended Morse balking, this queueing system is applied as an ME performance model of Internet Protocol (IP)-based communication network nodes featuring static or dynamic packet dropping congestion management schemes. A performance evaluation study in terms of the model’s delay is carried out. Subsequently, the QLD’s of the GE/GE/1/K censored queue subject to extended Morse balking under three different composite batch balking and batch blocking policies are solved via the technique of GB. Following comprehensive numerical experimentation, the latter QLD’s are also conjectured to be special cases of the GdHNT. Limitations of this work and open problems which have arisen are included after the conclusions.

519.8

Entropy Maximisation and Queues With or Without Balking. An investigation into the impact of generalised maximum entropy solutions on the study of queues with or without arrival balking and their applications to congestion management in communication networks.

Shah, Neelkamal P.

January 2014

An investigation into the impact of generalised maximum entropy solutions on the study of queues with or without arrival balking and their applications to congestion management in communication networks Keywords: Queues, Balking, Maximum Entropy (ME) Principle, Global Balance (GB), Queue Length Distribution (QLD), Generalised Geometric (GGeo), Generalised Exponential (GE), Generalised Discrete Half Normal (GdHN), Congestion Management, Packet Dropping Policy (PDP) Generalisations to links between discrete least biased (i.e. maximum entropy (ME)) distribution inferences and Markov chains are conjectured towards the performance modelling, analysis and prediction of general, single server queues with or without arrival balking. New ME solutions, namely the generalised discrete Half Normal (GdHN) and truncated GdHN (GdHNT) distributions are characterised, subject to appropriate mean value constraints, for inferences of stationary discrete state probability distributions. Moreover, a closed form global balance (GB) solution is derived for the queue length distribution (QLD) of the M/GE/1/K queue subject to extended Morse balking, characterised by a Poisson prospective arrival process, i.i.d. generalised exponential (GE) service times and finite capacity, K. In this context, based on comprehensive numerical experimentation, the latter GB solution is conjectured to be a special case of the GdHNT ME distribution. ii Owing to the appropriate operational properties of the M/GE/1/K queue subject to extended Morse balking, this queueing system is applied as an ME performance model of Internet Protocol (IP)-based communication network nodes featuring static or dynamic packet dropping congestion management schemes. A performance evaluation study in terms of the model’s delay is carried out. Subsequently, the QLD’s of the GE/GE/1/K censored queue subject to extended Morse balking under three different composite batch balking and batch blocking policies are solved via the technique of GB. Following comprehensive numerical experimentation, the latter QLD’s are also conjectured to be special cases of the GdHNT. Limitations of this work and open problems which have arisen are included after the conclusions

Vers des communications de confiance et sécurisées dans un environnement véhiculaire / Towards trusted and secure communications in a vehicular environment

Tan, Heng Chuan

13 September 2017

Le routage et la gestion des clés sont les plus grands défis dans les réseaux de véhicules. Un comportement de routage inapproprié peut affecter l’efficacité des communications et affecter la livraison des applications liées à la sécurité. D’autre part, la gestion des clés, en particulier en raison de l’utilisation de la gestion des certificats PKI, peut entraîner une latence élevée, ce qui peut ne pas convenir à de nombreuses applications critiques. Pour cette raison, nous proposons deux modèles de confiance pour aider le protocole de routage à sélectionner un chemin de bout en bout sécurisé pour le transfert. Le premier modèle se concentre sur la détection de noeuds égoïstes, y compris les attaques basées sur la réputation, conçues pour compromettre la «vraie» réputation d’un noeud. Le second modèle est destiné à détecter les redirecteurs qui modifient le contenu d’un paquet avant la retransmission. Dans la gestion des clés, nous avons développé un système de gestion des clés d’authentification et de sécurité (SA-KMP) qui utilise une cryptographie symétrique pour protéger la communication, y compris l’élimination des certificats pendant la communication pour réduire les retards liés à l’infrastructure PKI. / Routing and key management are the biggest challenges in vehicular networks. Inappropriate routing behaviour may affect the effectiveness of communications and affect the delivery of safety-related applications. On the other hand, key management, especially due to the use of PKI certificate management, can lead to high latency, which may not be suitable for many time-critical applications. For this reason, we propose two trust models to assist the routing protocol in selecting a secure end-to-end path for forwarding. The first model focusses on detecting selfish nodes, including reputation-based attacks, designed to compromise the “true” reputation of a node. The second model is intended to detect forwarders that modify the contents of a packet before retransmission. In key management, we have developed a Secure and Authentication Key Management Protocol (SA-KMP) scheme that uses symmetric cryptography to protect communication, including eliminating certificates during communication to reduce PKI-related delays.

Règle de combinaison de Dempster

Fusion d’informations

Attaques par paquets

Attaques basées sur la réputation

Attaques à transmission limitée

VANET

WMN

PKI sans certificat

Cryptosystèmes hybrides

Proverif

Accord de clé 3D basé sur un réseau

Dempster’s rule of combination

Information fusion

Packet dropping attacks

Recommendation-based trust model

Reputation-based attacks

Limited transmission power attacks

Merkle tree authentication mechanism

VANET

WMN

Certificate-less PKI

Hybrid cryptosystems

Proverif

3D grid-based key agreement