Honggang Zhang,O. Patrick Kreidl,Brian DeCleene,Jim Kurose,Xiaoyu Ni

DOI: https://doi.org/10.1109/MILCOM.2009.5379901

2009-01-01

Abstract:In previous work, we proposed a ¿Bootstrap¿ protocol for establishing neighbor relationships, between two mobile nodes in a mission critical deny-by-default Mobile Ad-hoc Network. In this paper, we formally characterize the security properties of this Bootstrap protocol, striving to answer the following questions: 1) To what extent can an adversary undermine the correctness and performance of the Bootstrap protocol? 2) To what extent can the Bootstrap protocol be improved in anticipation of an adversary? Our analyses employ a combination of formal logic and two standard automated model checkers, SPIN and PRISM. Two types of threats are considered, which we call the subverted node and the subverted link. In the subverted link analysis, we further categorize the adversary into two variants, which we call dark-red or light-red in correspondence with having detailed Bootstrap-protocol-specific knowledge or only generic neighbor setup knowledge, respectively. The subverted node analysis shows that the adversary cannot TCP-SYN-flood-like attack nor deadlock the good node within the Bootstrap protocol. The subverted link analysis shows that the adversary cannot undermine the correctness of the protocol, in the sense that the protocol's performance is only degraded in a bounded manner by the dark-red adversary or in a benign manner by the light-red adversary.

Panagiotis Papadimitratos,Zygmunt J. Haas

2024-03-01

Abstract:The emergence of the Mobile Ad Hoc Networking (MANET) technology advocates self-organized wireless interconnection of communication devices that would either extend or operate in concert with the wired networking infrastructure or, possibly, evolve to autonomous networks. In either case, the proliferation of MANET-based applications depends on a multitude of factors, with trustworthiness being one of the primary challenges to be met. Despite the existence of well-known security mechanisms, additional vulnerabilities and features pertinent to this new networking paradigm might render such traditional solutions inapplicable. In particular, the absence of a central authorization facility in an open and distributed communication environment is a major challenge, especially due to the need for cooperative network operation. In particular, in MANET, any node may compromise the routing protocol functionality by disrupting the route discovery process. In this paper, we present a route discovery protocol that mitigates the detrimental effects of such malicious behavior, as to provide correct connectivity information. Our protocol guarantees that fabricated, compromised, or replayed route replies would either be rejected or never reach back the querying node. Furthermore, the protocol responsiveness is safeguarded under different types of attacks that exploit the routing protocol itself. The sole requirement of the proposed scheme is the existence of a security association between the node initiating the query and the sought destination. Specifically, no assumption is made regarding the intermediate nodes, which may exhibit arbitrary and malicious behavior. The scheme is robust in the presence of a number of non-colluding nodes, and provides accurate routing information in a timely manner.

Cryptography and Security

Lidong Zhou,Z.J. Haas

DOI: https://doi.org/10.1109/65.806983

IF: 10.294

1999-01-01

IEEE Network

Abstract:Ad hoc networks are a new wireless networking paradigm for mobile hosts. Unlike traditional mobile wireless networks, ad hoc networks do not rely on any fixed infrastructure. Instead, hosts rely on each other to keep the network connected. Military tactical and other security-sensitive operations are still the main applications of ad hoc networks, although there is a trend to adopt ad hoc networks for commercial uses due to their unique properties. One main challenge in the design of these networks is their vulnerability to security attacks. In this article, we study the threats on ad hoc network faces and the security goals to be achieved. We identify the new challenges and opportunities posed by this new networking environment and explore new approaches to secure its communication. In particular, we take advantage of the inherent redundancy in ad hoc networks-multiple routes between nodes-to defend routing against denial-of-service attacks. We also use replication and new cryptographic schemes, such as threshold cryptography, to build a highly secure and highly available key management service, which terms the core of our security framework.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Panagiotis Papadimitratos,Zygmunt J. Haas

DOI: https://doi.org/10.1109/SAINTW.2003.1210190

2024-03-29

Abstract:The secure operation of the routing protocol is one of the major challenges to be met for the proliferation of the Mobile Ad hoc Networking (MANET) paradigm. Nevertheless, security enhancements have been proposed mostly for reactive MANET protocols. The proposed here Secure Link State Routing Protocol (SLSP) provides secure proactive topology discovery, which can be multiply beneficial to the network operation. SLSP can be employed as a stand-alone protocol, or fit naturally into a hybrid routing framework, when combined with a reactive protocol. SLSP is robust against individual attackers, it is capable of adjusting its scope between local and network-wide topology discovery, and it is capable of operating in networks of frequently changing topology and membership.

Cryptography and Security

C. Caballero-Gil,P. Caballero-Gil,J. Molina-Gil

DOI: https://doi.org/10.48550/arXiv.2209.06495

2022-09-14

Networking and Internet Architecture

Abstract:A Mobile Ad hoc NETwork (MANET) is a type of wireless network without any infrastructure, where nodes must adapt to the changing dynamic situations that result from their mobility. Because of the decentralization of nodes and the security needs of communications, management of MANETs must be self-organized, which is a major research challenge. In order to cope with the intrinsic properties of MANETs, a new decentralized management system for MANETs called Self-organizing Life Cycle Management (SLCM), is here fully described and evaluated. Regarding security, node authentication is the most critical component of access control in any network, and in particular in MANETs. Broadcasting is also a fundamental data dissemination mechanism in these networks. Both aspects have received special attention when defining the proposed SLCM system. In particular, both a strong access control algorithm based on the cryptographic paradigm of zero-knowledge proofs, and a three-step broadcast protocol, are here defined. This work includes the performance evaluation of the scheme, and the obtained experimental results show that SLCM significantly improves both the quality and the security of life cycle management of self-organized MANETs.

GE Meng,ZHAO Xibin,LAM Kwok-yan

DOI: https://doi.org/10.3321/j.issn:1000-0054.2008.07.033

2008-01-01

Abstract:The negative impact of network partitions on the availability of key management services in mobile ad hoc networks(MANET) is alleviated by a robust key management approach for MANET based on the distributed certificate authority(DCA).Auxiliary shares are used to increase the redundancy of shares in the networks thereby ensuring robustness and security at the same time.Simulations show that the average failure ratio for DCA requests is reduced by more than 50%. A security analysis and simulations show that the approach ensures system robustness and thwarts common attacks.

Panlong Yang,Shaoren Zheng

DOI: https://doi.org/10.1109/ICII.2001.983652

2001-01-01

Abstract:Mobile ad hoc networking (MANET) is an infrastructureless network composing many hosts moving in arbitrary manner. Due to the unpredictable and dynamic environments, the MANET networks have much more restricted security requirements than the traditional wired-and-static networks. Although a security model based on CA (certification authority) has been implemented to make the security goal achievable, there are still problems can not be avoided, such as the "bottleneck" of CA. Moreover the CA mechanism also violates the robustness of the wireless system. In this paper, we present common security problems related to routing, and discuss contemporary solutions that are seemingly inadequate for protecting the routing in MANET networks. As a result, we deliver a security-policy based on hierarchical routing. It not only provides the robustness of the network and eliminates the "bottleneck" in the system, but also complies with the organization system especially in the army

Samsul Huda,Amang Sudarsono,Tri Harsono

DOI: https://doi.org/10.24003/emitter.v4i1.116

2016-08-03

EMITTER International Journal of Engineering Technology

Abstract:MANETs are considered as suitable for commercial applications such as law enforcement, conference meeting, and sharing information in a student classroom and critical services such as military operations, disaster relief, and rescue operations. Meanwhile, in military operation especially in the battlefield in freely medium which naturally needs high mobility and flexibility. Thus, applying MANETs make these networks vulnerable to various types of attacks such aspacket eavesdropping, data disseminating, message replay, message modification, and especially privacy issue. In this paper, we propose a secure communication and information exchange in MANET with considering secure adhoc routing and secure information exchange. Regarding privacy issue or anonymity, we use a reliable asymmetric encryption which protecting user privacy by utilizing insensitive user attributes as user identity, CP-ABE (Ciphertext-Policy Attribute-Based Encryption) cryptographic scheme. We also design protocols to implement the proposed scheme for various battlefied scenarios in real evironment using embedded devices. Our experimental results showed that the additional of HMAC (Keyed-Hash Message Authentication Code) and AES (Advanced Encryption standard) schemes using processor 1.2GHz only take processing time about 4.452 ms, we can confirm that our approach by using CP-ABE with added HMAC and AES schemes make low overhead.

English Else

Yunjian Xu,Wei Chen,Zhigang Cao,Khaled Ben Letaief

DOI: https://doi.org/10.1109/glocom.2008.ecp.114

2008-01-01

Abstract:In Mobile Ad hoc NETworks (MANETs), random access and dynamic routing are two critical techniques for mobile nodes to convey information without centralized scheduling. Conventionally, random access and dynamic routing are implemented at the Medium Access Control (MAC) and the network layer, respectively. However, the current MAC protocol Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) cannot support dynamic routing efficiently. To overcome this limitation, we shall propose a cross-layer protocol which takes dynamic routing into consideration when the mobile nodes contend to access the channel. In the proposed distributed protocol, the routing packets of the network layer are transmitted within the contention period. Since the transmission of routing packets is separated from data transmission in the time-domain, our cross- layer protocol eliminates the collision caused by the transmission of short routing packets. Simulation results will show that our design could significantly improve the system performance at both the MAC and network layers.

K Ren,TY Li,ZG Wan,F Bao,RH Deng,K Kim

DOI: https://doi.org/10.1016/j.comnet.2004.01.008

2004-01-01

Abstract:Securing ad hoc networks in a fully self-organized way is effective and light-weight, but fails to accomplish trust initialization in many trust deficient scenarios. To overcome this problem, this paper aims at building well established trust relationships in ad hoc networks without relying on any pre-defined assumption. We propose a probabilistic solution based on distributed trust model. A secret dealer is introduced only in the system bootstrapping phase to complement the assumption in trust initialization. With it, much shorter and more robust trust chains are able to be constructed with high probability. A fully self-organized trust establishment approach is then adopted to conform to the dynamic membership changes. The simulation results on both static and dynamic performances show that our scheme is highly resilient to dynamic membership changing and scales well. The lack of initial trust establishment mechanisms in most higher level security solutions (e.g. key management schemes, secure routing protocols) for ad hoc networks makes them benefit from our scheme.

Benjamin Sliwa,Robert Falkenberg,Christian Wietfeld

DOI: https://doi.org/10.1109/VTCSpring.2017.8108553

2018-02-21

Abstract:Efficient routing is one of the key challenges for next generation vehicular networks in order to provide fast and reliable communication in a smart city context. Various routing protocols have been proposed for determining optimal routing paths in highly dynamic topologies. However, it is the dilemma of those kinds of networks that good paths are used intensively, resulting in congestion and path quality degradation. In this paper, we adopt ideas from multipath routing and propose a simple decentral scheme for Mobile Ad-hoc Network (MANET) routing, which handles passive load balancing without requiring additional communication effort. It can easily be applied to existing routing protocols to achieve load balancing without changing the routing process itself. In comprehensive simulation studies, we apply the proposed load balancing technique to multiple example protocols and evaluate its effects on the network performance. The results show that all considered protocols can achieve significantly higher reliability and improved Packet Delivery Ratio (PDR) values by applying the proposed load balancing scheme.

Networking and Internet Architecture

Aleksi Peltonen,Eduardo Inglés,Sampsa Latvala,Dan Garcia-Carrillo,Mohit Sethi,Tuomas Aura

DOI: https://doi.org/10.3390/s20216101

2020-10-27

Abstract:The emergence of radio technologies, such as Zigbee, Z-Wave, and Bluetooth Mesh, has transformed simple physical devices into smart objects that can understand and react to their environment. Devices, such as light bulbs, door locks, and window blinds, can now be connected to, and remotely controlled from, the Internet. Given the resource-constrained nature of many of these devices, they have typically relied on the use of universal global shared secrets for the initial bootstrapping and commissioning phase. Such a scheme has obvious security weaknesses and it also creates undesirable walled-gardens where devices of one ecosystem do not inter-operate with the other. In this paper, we investigate whether the standard Extensible Authentication Protocol (EAP) framework can be used for secure bootstrapping of resource-constrained devices. EAP naturally provides the benefits of per-device individual credentials, straightforward revocation, and isolation of devices. In particular, we look at the Nimble out-of-band authentication for EAP (EAP-NOOB) as a candidate EAP authentication method. EAP-NOOB greatly simplifies deployment of such devices as it does not require them to be pre-provisioned with credentials of any sort. Based on our implementation experience on off-the-shelf hardware, we demonstrate that lightweight EAP-NOOB is indeed a way forward to securely bootstrap such devices.

Chih-Shun Hsu,Jang-Ping Sheu

DOI: https://doi.org/10.1109/ICPADS.2002.1183411

2002-01-01

Abstract:Leader election and initialization are two fundamental problems in mobile ad hoc networks (MANETs). The leader can serve as a coordinator in the MANETs and the initialization protocol can assign each host a unique and short id. We know that none of the research on initialization for IEEE 802.11-based MANETs has been done. Here, we propose two contention-based leader election and initialization protocols for IEEE 802.11-based single-hop MANETs. Simulation results show that our protocols are efficient.

Khoa Tran Phan,Jaeok Park,Mihaela van der Schaar

DOI: https://doi.org/10.1109/TNET.2011.2182359

2010-06-19

Abstract:Distributed medium access control (MAC) protocols are essential for the proliferation of low cost, decentralized wireless local area networks (WLANs). Most MAC protocols are designed with the presumption that nodes comply with prescribed rules. However, selfish nodes have natural motives to manipulate protocols in order to improve their own performance. This often degrades the performance of other nodes as well as that of the overall system. In this work, we propose a class of protocols that limit the performance gain which nodes can obtain through selfish manipulation while incurring only a small efficiency loss. The proposed protocols are based on the idea of a review strategy, with which nodes collect signals about the actions of other nodes over a period of time, use a statistical test to infer whether or not other nodes are following the prescribed protocol, and trigger a punishment if a departure from the protocol is perceived. We consider the cases of private and public signals and provide analytical and numerical results to demonstrate the properties of the proposed protocols.

Networking and Internet Architecture,Information Theory

Tao Hai,Jincheng Zhou,Ye Lu,Dayang Jawawi,Dan Wang,Edeh Michael Onyema,Cresantus Biamba

DOI: https://doi.org/10.1186/s13677-023-00443-5

2023-01-01

Abstract:Cloud Mobile Ad-hoc Networks (Cloud-MANETs) is a framework that can access and deliver cloud services to MANET users through their smart devices. MANETs is a pool of self-organized mobile gadgets that can communicate with each other with no support from a central authority or infrastructure. The main advantage of MANETs is its ability to manage mobility while data communication between different users in the system occurs. In MANETs, clustering is an active technique used to manage mobile nodes. The security of MANETs is a key aspect for the fundamental functionality of the network. Addressing the security-related problems ensures that the confidentiality and integrity of the data transmission is secure. MANETs are highly prone to attacks because of their properties.In clustering schemes, the network is broken down to sub-networks called clusters. These clusters can have overlapping nodes or be disjointed. An enhanced node referred to asthe Cluster Head (CH) is chosen from each set to overseetasks related to routing. It decreases the member nodes' overhead and improvesthe performance of the system. The relationship between the nodes and CH may vary randomly, leading to re-associations and re-clustering in a MANET that is clustered. An efficient and effective routing protocol is required to allow networking and to find the most suitable paths between the nodes. The networking must be spontaneous, infrastructure-less, and provide end-to-end interactions. The aim of routing is the provision of maximum network load distribution and robust networks. This study focused on the creation of a maximal route between a pair of nodes, and to ensure the appropriate and accurate delivery of the packet. The proposed solution ensured that routing can be carried out with the lowest bandwidth consumption. Compared to existing protocols, the proposed solution had a control overhead of 24, packet delivery ratio of 81, the lowest average end-to-end delay of 6, and an improved throughput of 80,000, thereby enhancing the output of the network. Our result shows that multipath routing enables the network to identify alternate paths connecting the destination and source. Routing is required to conserve energy and for optimum bandwidth utilization.

Syed S. Rizvi,Khaled M. Elleithy

DOI: https://doi.org/10.48550/arXiv.0908.0981

2009-08-09

Abstract:The performance of Mobile Ad hoc networks (MANET) depends on the cooperation of all active nodes. However, supporting a MANET is a cost-intensive activity for a mobile node. From a single mobile node perspective, the detection of routes as well as forwarding packets consume local CPU time, memory, network-bandwidth, and last but not least energy. We believe that this is one of the main factors that strongly motivate a mobile node to deny packet forwarding for others, while at the same time use their services to deliver its own data. This behavior of an independent mobile node is commonly known as misbehaving or selfishness. A vast amount of research has already been done for minimizing malicious behavior of mobile nodes. However, most of them focused on the methods/techniques/algorithms to remove such nodes from the MANET. We believe that the frequent elimination of such miss-behaving nodes never allowed a free and faster growth of MANET. This paper provides a critical analysis of the recent research wok and its impact on the overall performance of a MANET. In this paper, we clarify some of the misconceptions in the understating of selfishness and miss-behavior of nodes. Moreover, we propose a mathematical model that based on the time division technique to minimize the malicious behavior of mobile nodes by avoiding unnecessary elimination of bad nodes. Our proposed approach not only improves the resource sharing but also creates a consistent trust and cooperation (CTC) environment among the mobile nodes. The simulation results demonstrate the success of the proposed approach that significantly minimizes the malicious nodes and consequently maximizes the overall throughput of MANET than other well known schemes.

Cryptography and Security,Networking and Internet Architecture

Akshai Aggarwal,Savita Gandhi,Nirbhay Chaubey,Naren Tada,Srushti Trivedi

DOI: https://doi.org/10.48550/arXiv.1405.6216

2014-02-10

Networking and Internet Architecture

Abstract:Mobile Ad Hoc Networks (MANETs) are collections of mobile nodes that can communicate with one another using multihop wireless links. MANETs are often deployed in the environments, where there is no fixed infrastructure and centralized management. The nodes of mobile ad hoc networks are susceptible to compromise. In such a scenario, designing an efficient, reliable and secure routing protocol has been a major challengesue over the last many years. The routing protocol Ad hoc On-demand Distance Vector (AODV) has no security measures in-built in it. It is vulnerable to many types of routing attacks. The flood attack is one of them. In this paper, we propose a simple and effective technique to secure Ad hoc Ondemand Distance Vector (AODV) routing protocol against flood attacks. To deal with a flood attack, we have proposed Neighbor Defense Technique for Ad hoc On-demand Distance Vector (NDTAODV). This makes AODV more robust. The proposed technique has been designed to isolate the flood attacker with the use of timers, peak value and hello alarm technique. We have simulated our work in Network Simulator NS-2.33 (NS-2) with different pause times by way of different number of malicious nodes. We have compared the performance of NDTAODV with the AODV in normal situation as well as in the presence of malicious attacks. We have considered Packet Delivery Fraction (PDF), Average Throughput (AT) and Normalized Routing Load (NRL) for comparing the performance of NDTAODV and AODV.

Xue Leng,Kaiyu Hou,Yan Chen,Kai Bu,Libin Song

DOI: https://doi.org/10.1016/j.comnet.2019.05.022

2018-01-01

Abstract:SDN-based cloud has the merit of allowing more flexibility in network management, however, the security of network accessing and the correctness of network configuration in SDN-based cloud have not been effectively addressed yet. In this paper, SDNKeeper, a generic and fine-grained policy enforcement system in SDN-based cloud is proposed, which can defend against unauthorized attacks and avoid network resource misconfiguration. With the usage of SDNKeeper, numerous flexible network management policies can be created by administrators, which give administrators the discretionary room on controlling the network resources. To be specific, SDNKeeper can reject any unauthorized network access request at Northbound Interface (NBI), which located between application plane and control plane. Moreover, compared with other traditional policy-based access control systems, SDNKeeper is totally application-transparent and lightweight, which is easy to implement, deploy and runtime configure. Based on the prototype implementation and evaluation, we conclude that SDNKeeper can perform access control accurately with negligible computation overhead whilst the throughput degradation is still within the acceptable range.

Shrikant H Talawar,R. c. Hansdah,Shrikant H. Talawar,R.C. Hansdah

DOI: https://doi.org/10.1109/aina.2015.183

2015-03-01

Abstract:An end-to-end shared secret key between two distant nodes in a mobile ad hoc network(MANET) is essential for providing secure communication between them. However, to provide effective security in a MANET, end-to-end key establishment should be secure against both internal as well as external malicious nodes. An external malicious node in a MANET does not possess any valid security credential related to the MANET, whereas an internal malicious node would possess some valid security credentials related to the MANET. Most of the protocols for end-to-end key establishment in MANETs either make an unrealistic assumption that an end-to-end secure channel exists between source and destination or use bandwidth consuming multi-path schemes. In this paper, we propose a simple and efficient protocol for end-to-end key establishment during route discovery (E2-KDR) in MANETs. Unlike many other existing schemes, the protocol establishes end-to-end key using trust among the nodes which, during initial stage, is established using public key certificate issued by an off-line membership granting authority. However, the use of public key in the proposed protocol is minimal to make it efficient. Since the key is established during route discovery phase, it reduces the key establishment time. The proposed protocol exploits mobility to establish end-to-end key, and provides comprehensive solution by making use of symmetric keys for protecting routing control messages and end-to-end communication. Moreover, as the end-to-end keys are established during route discovery phase, the protocol is on-demand and only necessary keys are established, which makes the protocol storage scalable. The protocol is shown to be secure using security analysis, and its efficiency is confirmed by the results obtained from simulation experiments.

Shashi Gurung,Vivek Mankotia

DOI: https://doi.org/10.1007/s11235-024-01154-1

2024-06-06

Telecommunication Systems

Abstract:Wireless ad hoc networks play a pivotal role in wireless communication systems. MANETs find extensive applications across various domains, encompassing real-time information exchange, network partitioning, rescue operations, interpersonal communication, and data sharing. MANET works as dynamic wireless networks without a fixed infrastructure in which nodes freely join or leave the network at any time. The absence of fixed infrastructure coupled with openness characteristics of MANET poses significant security issues. This paper proposes a technique called as Anti-blackhole, Gray-hole, and Flooding attack-Ad-hoc On-Demand Distance Vector (ABGF-AODV) to identify and thwart the impact of attacks in MANETs. Through extensive evaluation utilizing the NS-2 simulator, the performance of the proposed protocol is thoroughly examined. The results showcase the robustness of the ABGF-AODV protocol against various attacks, yielding better performance as compared with existing state of art technique.

telecommunications