Enhancing a network coding security scheme to avoid packet dropping in wireless mesh networks / H.L.H.C. Terblanche.

Terblanche, Heila Levina Helena Catharina

January 2013

With the increase of mobile and smart device usage, the interest in dynamically forming networks is rising. One such type of network isWireless Mesh Networks (WMNs). WMNs are multi-hop networks, with a decentralised nature that can dynamically form into mesh topologies. Network Coding (NC) is a method that is used to increase the efficiency of networks by encoding and decoding data on packet level by means of an XOR operation. NC works well with WMNs because it can exploit WMNs broadcast and opportunistic listening properties. When implementing NC on WMNs the issue of security has to be taken into consideration. Dong et al. identified various security threats for intra-flow NC in WMNs. Intra-flow NC combines packets within individual flows, where the information is divided into different flows called generations, to optimize the decoding process. They identified threats for each component of intra-flow NC for WMNs. These components include forwarding node selection, data packet forwarding and acknowledgement delivery. These threats respectively for each component are wormhole attacks and link quality falsification, packet pollution and packet dropping and acknowledgementdropping, injection and delay. We identified that most security schemes focus on packet pollution attacks in NC, but not on any other threats. Packet dropping is also a major threat in networks that is not addressed. Both packet pollution and packet dropping are threats identified for the data forwarding component of WMNs. The Delayed Authentication with Random Transformations (DART) security scheme addresses packet pollution in intra-flow NC systems. The scheme is based on time asymmetry and checksums. The DART scheme only addresses packet pollution and not any of the other identified threats. The DART scheme was selected to be enhanced to also address packet dropping. To enhance the DART scheme we added additional information to the DART scheme’s checksum packets to detect malicious packet dropping nodes in the network. The information added to the checksum packet took the form of a HealthMatrix, which indicates how many packets a node has received and verified. The new scheme, called the Packet Dropping Detection (PDD) scheme collects the additional information from the checksum packets at the receiver node. The receiver sends the collected information to the source node which then uses the information to identify the malicious nodes in the network. These nodes are then removed from the network. The results show that this new scheme causes a small decrease in throughput – about 2%. The identification of malicious nodes can be used as a diagnostic tool and faulty nodes can be repaired or removed form the network. The advantage to detect malicious packet dropping nodes far outweighs this decrease in throughput. In this dissertation we investigate the effects of packet pollution and packet dropping on NC networks inWMNs. We also enhance an already existing scheme (DART) to add additional packet dropping detection security to it without a great loss in throughput. / Thesis (MIng (Computer and Electronic Engineering))--North-West University, Potchefstroom Campus, 2013.

Network coding

packet dropping

packet pollution

security

wireless mesh networks

Enhancing a network coding security scheme to avoid packet dropping in wireless mesh networks / H.L.H.C. Terblanche.

Terblanche, Heila Levina Helena Catharina

January 2013

With the increase of mobile and smart device usage, the interest in dynamically forming networks is rising. One such type of network isWireless Mesh Networks (WMNs). WMNs are multi-hop networks, with a decentralised nature that can dynamically form into mesh topologies. Network Coding (NC) is a method that is used to increase the efficiency of networks by encoding and decoding data on packet level by means of an XOR operation. NC works well with WMNs because it can exploit WMNs broadcast and opportunistic listening properties. When implementing NC on WMNs the issue of security has to be taken into consideration. Dong et al. identified various security threats for intra-flow NC in WMNs. Intra-flow NC combines packets within individual flows, where the information is divided into different flows called generations, to optimize the decoding process. They identified threats for each component of intra-flow NC for WMNs. These components include forwarding node selection, data packet forwarding and acknowledgement delivery. These threats respectively for each component are wormhole attacks and link quality falsification, packet pollution and packet dropping and acknowledgementdropping, injection and delay. We identified that most security schemes focus on packet pollution attacks in NC, but not on any other threats. Packet dropping is also a major threat in networks that is not addressed. Both packet pollution and packet dropping are threats identified for the data forwarding component of WMNs. The Delayed Authentication with Random Transformations (DART) security scheme addresses packet pollution in intra-flow NC systems. The scheme is based on time asymmetry and checksums. The DART scheme only addresses packet pollution and not any of the other identified threats. The DART scheme was selected to be enhanced to also address packet dropping. To enhance the DART scheme we added additional information to the DART scheme’s checksum packets to detect malicious packet dropping nodes in the network. The information added to the checksum packet took the form of a HealthMatrix, which indicates how many packets a node has received and verified. The new scheme, called the Packet Dropping Detection (PDD) scheme collects the additional information from the checksum packets at the receiver node. The receiver sends the collected information to the source node which then uses the information to identify the malicious nodes in the network. These nodes are then removed from the network. The results show that this new scheme causes a small decrease in throughput – about 2%. The identification of malicious nodes can be used as a diagnostic tool and faulty nodes can be repaired or removed form the network. The advantage to detect malicious packet dropping nodes far outweighs this decrease in throughput. In this dissertation we investigate the effects of packet pollution and packet dropping on NC networks inWMNs. We also enhance an already existing scheme (DART) to add additional packet dropping detection security to it without a great loss in throughput. / Thesis (MIng (Computer and Electronic Engineering))--North-West University, Potchefstroom Campus, 2013.

Network coding

packet dropping

packet pollution

security

wireless mesh networks