A secure group key management scheme for hierarchical mobile ad hoc networks

In this paper, we present a secure group key management scheme for hierarchical mobile ad hoc networks. Our approach aims to improve both scalability and survivability of group key management for large-scale wireless ad hoc networks. To achieve our goal, we propose the following approaches: (1) a multi-level security model, which follows a modified Bell-La Padula security model that is suitable in a hierarchical mobile ad hoc networking environment, and (2) a decentralized group key management infrastructure to achieve such a multi-level security model. Our approaches reduce the key management overhead and improve resilience to any single point failure problem. In addition, we have developed a roaming protocol that is able to provide secure group communication involving group members from different groups without requiring new keys; an advantage of this protocol is that it is able to provide continuous group communication even when the group manager fails.     

Improving handoff performance by utilizing ad hoc links in multi-hop cellular systems

Handoff performance is a critical issue for mobile users in wireless cellular networks, such as GSM networks, 3G networks, and next generation networks (NGNs). When ad hoc mode is introduced to cellular networks, multi-hop handoffs become inevitable, which brings in new challenging issues to network designers, such as how to reduce the call dropping rate, how to simplify the multi-hop handoff processes, and how to take more advantage of ad hoc mode for better resource management, and most of these issues have not been well addressed as yet. In this paper, we will address some of the issues and propose a scheme, Ad-hoc-Network–Embedded handoff Assisting Scheme (ANHOA), which utilizes the self-organizing feature of ad hoc networks to facilitate handoffs in cellular networks and provide an auxiliary way for mobile users to handoff across different cells. Moreover, we also propose a scheme enabling each BS to find the feasible minimum reservation for handoff calls based on the knowledge of adjacent cells’ traffic information. Due to the use of multi-hop connections, our scheme can apparently alleviate the reservation requirement and lower the call blocking rate while retaining higher spectrum efficiency. We further provide a framework for information exchange among adjacent cells, which can dynamically balance the load among cells. Through this study, we demonstrate how we can utilize ad hoc mode in cellular systems to significantly improve the handoff performance.     

An optimised resource aware approach to information collection in ad hoc networks

In ad hoc networks there is a need for all-to-one protocols that allow for information collection or “sensing” of the state of an ad hoc network and the nodes that comprise it. Such protocols may be used for service discovery, auto-configuration, network management, topology discovery or reliable flooding. There is a parallel between this type of sensing in ad hoc networks and that of sensor networks. However, ad hoc networks and sensor networks differ in their application, construction, characteristics and constraints. The main priority of sensor networks is for the flow of data from sensors back to a sink, but in an ad hoc network this may be of secondary importance. Hence, protocols suitable to sensor networks are not necessarily suitable to ad hoc networks and vice versa. We propose, Resource Aware Information Collection (RAIC), a distributed two phased resource aware approach to information collection in ad hoc networks. RAIC utilises a resource aware optimised flooding mechanism to both disseminate requests and initialise a backbone of resource suitable nodes responsible for relaying replies back to the node collecting information. RAIC in the process of collecting information from all nodes in an ad hoc network is shown to consume less energy and introduce less overhead compared with Directed Diffusion and a brute force approach. Importantly, over multiple successive queries (in an energy constrained environment), the use of resource awareness allows for the load of relaying to be distributed to those nodes most suitable, thereby extending the lifetime of the network.     

Information theoretic framework of trust modeling and evaluation for ad hoc networks

The performance of ad hoc networks depends on cooperation and trust among distributed nodes. To enhance security in ad hoc networks, it is important to evaluate trustworthiness of other nodes without centralized authorities. In this paper, we present an information theoretic framework to quantitatively measure trust and model trust propagation in ad hoc networks. In the proposed framework, trust is a measure of uncertainty with its value represented by entropy. We develop four Axioms that address the basic understanding of trust and the rules for trust propagation. Based on these axioms, we present two trust models: entropy-based model and probability-based model, which satisfy all the axioms. Techniques of trust establishment and trust update are presented to obtain trust values from observation. The proposed trust evaluation method and trust models are employed in ad hoc networks for secure ad hoc routing and malicious node detection. A distributed scheme is designed to acquire, maintain, and update trust records associated with the behaviors of nodes' forwarding packets and the behaviors of making recommendations about other nodes. Simulations show that the proposed trust evaluation system can significantly improve the network throughput as well as effectively detect malicious behaviors in ad hoc networks.     

Security in wireless sensor networks

With sensor networks on the verge of deployment, security issues pertaining to the sensor networks are in the limelight. Though the security in sensor networks share many characteristics with wireless ad hoc networks, the two fields are rapidly diverging due to the fundamental differences between the make‐up and goals of the two types of networks. Perhaps the greatest dividing difference is the energy and computational abilities. Sensor nodes are typically smaller, less powerful, and more prone to failure than nodes in an ad hoc network. These differences indicate that protocols that are valid in the context of ad‐hoc networks may not be directly applicable for sensor networks. In this paper, we survey the state of art in securing wireless sensor networks. We review several protocols that provide security in sensor networks, with an emphasis on authentication, key management and distribution, secure routing, and methods for intrusion detection. Copyright © 2006 John Wiley & Sons, Ltd.     

A heterogeneous‐network aided public‐key management scheme for mobile ad hoc networks

A mobile ad hoc network does not require fixed infrastructure to construct connections among nodes. Due to the particular characteristics of mobile ad hoc networks, most existing secure protocols in wired networks do not meet the security requirements for mobile ad hoc networks. Most secure protocols in mobile ad hoc networks, such as secure routing, key agreement and secure group communication protocols, assume that all nodes must have pre‐shared a secret, or pre‐obtained public‐key certificates before joining the network. However, this assumption has a practical weakness for some emergency applications, because some nodes without pre‐obtained certificates will be unable to join the network. In this paper, a heterogeneous‐network aided public‐key management scheme for mobile ad hoc networks is proposed to remedy this weakness. Several heterogeneous networks (such as satellite, unmanned aerial vehicle, or cellular networks) provide wider service areas and ubiquitous connectivity. We adopt these wide‐covered heterogeneous networks to design a secure certificate distribution scheme that allows a mobile node without a pre‐obtained certificate to instantly get a certificate using the communication channel constructed by these wide‐covered heterogeneous networks. Therefore, this scheme enhances the security infrastructure of public key management for mobile ad hoc networks. Copyright © 2006 John Wiley & Sons, Ltd.     

Extending Global IP Connectivity for Ad Hoc Networks

Ad hoc networks have thus far been regarded as stand-alone networks without assumed connectivity to wired IP networks and the Internet. With wireless broadband communications and portable devices with appropriate CPU, memory and battery performance, ad hoc connectivity will become more feasible and demand for global connectivity through ad hoc networking is likely to rapidly grow. In this paper we propose an algorithm and describe a developed prototype for connectivity between an ad hoc network running the ad hoc on-demand distance-vector protocol and a wired IP network where mobile IP is used for mobility management. Implementation issues and performance metrics are also discussed.     

Scalable Routing Protocol for Ad Hoc Networks

In this paper we present a scalable routing protocol for ad hoc networks. The protocol is based on a geographic location management strategy that keeps the overhead of routing packets relatively small. Nodes are assigned home regions and all nodes within a home region know the approximate location of the registered nodes. As nodes travel, they send location update messages to their home regions and this information is used to route data packets. In this paper, we derive theoretical performance results for the protocol and prove that the control packet overhead scales linearly with node speed and as N ^3/2 with increasing number of nodes. These results indicate that our protocol is well suited to relatively large ad hoc networks where nodes travel at high speed. Finally, we use simulations to validate our analytical model.     

SICC: Source-Initiated Context Construction in Mobile Ad Hoc Networks

Context-aware computing is characterized by the software's ability to continuously adapt its behavior to an environment over which it has little control. This style of interaction is imperative in ad hoc mobile networks that consist of numerous mobile hosts coordinating opportunistically via transient wireless connections. In this paper, we provide a formal abstract characterization of an application's context that extends to encompass a neighborhood within the ad hoc network. We provide a context specification mechanism that allows individual applications to tailor their operating contexts to their personalized needs. We describe a context maintenance protocol that provides this context abstraction in ad hoc networks through continuous evaluation of the context. This relieves the application developer of the obligation of explicitly managing mobility and its implications on behavior. We also characterize the performance of this protocol in ad hoc networks through simulation experiments. Finally, we examine real-world application examples demonstrating its use.     

Local data control and admission control for QoS support in wireless ad hoc networks

Wireless ad hoc networks consist of nodes having a self-centrically broadcasting nature of communication. To provide quality of service (QoS) for ad hoc networks, many issues are involved, including routing, medium-access control (MAC), resource reservation, mobility management, etc. Carefully designed distributed medium-access techniques must be used for channel resources, so that mechanisms are needed to efficiently recover from inevitable frame collisions. For ad hoc wireless networks with a contention-based distributed MAC layer, QoS support and guarantee become extremely challenging. In this paper, we address this challenging issue. We first consider MAC and resource-reservation aspects for QoS support in one-hop ad hoc wireless networks. We propose two local data-control schemes and an admission-control scheme for ad hoc networks with the IEEE 802.11e MAC standard. In the proposed fully distributed local data control schemes, each node maps the measured traffic-load condition into backoff parameters locally and dynamically. In the proposed distributed admission-control scheme, based on measurements, each node makes decisions on the acceptances/rejections of flows by themselves, without the presence of access points. The proposed mechanisms are evaluated via extensive simulations. Studies show that, with the proposed schemes, QoS can be guaranteed under a clear channel condition while maintaining a good utilization. Discussions on applying the proposed schemes into multihop ad hoc networks are also included.     

A fuzzy‐based trust model for flying ad hoc networks (FANETs)

The use of unmanned aerial vehicles has significantly increased for forming an ad hoc network owing to their ability to perform in exciting environment such as armed attacks, border surveillance, disaster management, rescue operation, and transportation. Such types of ad hoc networks are popularly known as flying ad hoc networks (FANETs). The FANET nodes have 2 prominent characteristics—collaboration and cooperation. Trust plays an important role in predicting the behavior of such nodes. Researchers have proposed various methods (direct and indirect) for calculation of the trust value of a given node in ad hoc networks, especially in mobile ad hoc networks and vehicular ad hoc networks. The major characteristic that differentiates a FANET from other ad hoc networks is the velocity of the node; as a result, there are frequent losses in connection and topology change. Therefore, the existing methods of trust calculation are not efficient and effective. In this paper, a fuzzy‐based novel trust model has been proposed to handle the behavioral uncertainty of FANET nodes. Nodes are classified using a multicriteria fuzzy classification method based on node's behavior and performance in the fuzzy and complex environment. Quality of service and social parameter (recommendation) are considered for evaluating the trust value of each node to segregate the selfish and malicious nodes. With the node classification, FANET nodes are rewarded or punished to transform node behavior into a trust value. Compared with the existing trust techniques, the simulation results show that the proposed model has better adaptability, accuracy, and performance in FANETs.     

An Adaptive and Predictive Security Model for Mobile Ad hoc Networks

Mobile ad hoc networks are infrastructure-free, pervasive and ubiquitous in nature, without any centralized authority. These unique characteristics coupled with the growing concerns for security attacks demand an immediate solution for securing the ad hoc network, prior to its full-fledged deployment in commercial and military applications. So far, most of the research in mobile ad hoc networks has been primarily focused on routing and mobility aspects rather than securing the ad hoc networks themselves. Due to ever increasing security threats, there is a need to develop schemes, algorithms, and protocols for a secured ad hoc network infrastructure. To realize this objective, we have proposed a practical and effective security model for mobile ad hoc networks. The proposed predictive security model is designed using a fuzzy feedback control approach. The model is based on identifying critical network parameters that are affected by various types of attacks and it continuously monitors those parameters. Once we measure the relative change in these parameter values, we could detect the type of attack accurately and protect the system, without compromising its effectiveness. Experimental results of the model simulated for selected packet mistreatment attacks and routing attacks are very promising.     

Design and demonstration of policy-based management in a multi-hop ad hoc network

In this paper, we propose a policy-based framework for the management of wireless ad hoc networks and briefly describe a characteristics-based taxonomy that provides a platform to analyze and compare different architectural choices. We develop a solution suite that helps achieve our goal of a self-organizing, robust and efficient management system. One of the main contributions of this work is the prototype implementation and testing of the mechanisms and protocols comprising our framework in a multi-hop ad hoc network environment. Experiments are conducted using both an emulated ad hoc network testbed and a true wireless testbed. Degradation in management system performance is observed as the number of hops between a policy server and client increases. Our proposed k-hop clustering algorithm alleviates this problem by limiting the number of hops between a server and client. We demonstrate the operation of our prototype implementation, illustrating QoS management in a multi-domain ad hoc network environment using the proposed cluster management, redirection, and policy negotiation mechanisms.     

Securing ad hoc networks

Ad hoc networks are a new wireless networking paradigm for mobile hosts. Unlike traditional mobile wireless networks, ad hoc networks do not rely on any fixed infrastructure. Instead, hosts rely on each other to keep the network connected. Military tactical and other security-sensitive operations are still the main applications of ad hoc networks, although there is a trend to adopt ad hoc networks for commercial uses due to their unique properties. One main challenge in the design of these networks is their vulnerability to security attacks. In this article, we study the threats on ad hoc network faces and the security goals to be achieved. We identify the new challenges and opportunities posed by this new networking environment and explore new approaches to secure its communication. In particular, we take advantage of the inherent redundancy in ad hoc networks-multiple routes between nodes-to defend routing against denial-of-service attacks. We also use replication and new cryptographic schemes, such as threshold cryptography, to build a highly secure and highly available key management service, which terms the core of our security framework     

Mesh networks: commodity multihop ad hoc networks

In spite of the massive efforts in researching and developing mobile ad hoc networks in the last decade, this type of network has not yet witnessed mass market deployment. The low commercial penetration of products based on ad hoc networking technology could be explained by noting that the ongoing research is mainly focused on implementing military or specialized civilian applications. On the other hand, users are interested in general-purpose applications where high bandwidth and open access to the Internet are consolidated and cheap commodities. To turn mobile ad hoc networks into a commodity, we should move to more pragmatic "opportunistic ad hoc networking" in which multihop ad hoc networks are not isolated self-configured networks, but rather emerge as a flexible and low-cost extension of wired infrastructure networks coexisting with them. Indeed, a new class of networks is emerging from this view: mesh networks. This article provides an overview of mesh networking technology. In particular, starting from commercial case studies we describe the core building blocks and distinct features on which wireless mesh networks should be based. We provide a survey of the current state of the art in off-the-shelf and proprietary solutions to build wireless mesh networks. Finally, we address the challenges of designing a high-performance, scalable, and cost-effective wireless mesh network.     

Intrusion detection techniques in mobile ad hoc and wireless sensor networks

Mobile ad hoc networks and wireless sensor networks have promised a wide variety of applications. However, they are often deployed in potentially adverse or even hostile environments. Therefore, they cannot be readily deployed without first addressing security challenges. Intrusion detection systems provide a necessary layer of in-depth protection for wired networks. However, relatively little research has been performed about intrusion detection in the areas of mobile ad hoc networks and wireless sensor networks. In this article, first we briefly introduce mobile ad hoc networks and wireless sensor networks and their security concerns. Then, we focus on their intrusion detection capabilities. Specifically, we present the challenge of constructing intrusion detection systems for mobile ad hoc networks and wireless sensor networks, survey the existing intrusion detection techniques, and indicate important future research directions.     

An analytical study of the communication cost of data-centric storage in mobile ad hoc networks

Data-centric storage is a fundamental data management paradigm in wireless multihop networks. Originally introduced for wireless sensor networks, existing approaches are in principle also applicable in mobile ad hoc networks. However, the mobility of such networks strongly impacts storage performance in general and communication cost in particular. While this is recognized in the research community, a detailed account of the performance in terms of communication cost is lacking.In this article, we provide a detailed study of the communication cost of previously proposed data-centric storage mechanisms that are viable in mobile ad hoc networks. We first introduce a comprehensive analytical model that suitably characterizes the communication cost of data-centric storage mechanisms from the literature. We then use our model to evaluate the considered mechanisms in comparative terms as a function of relevant system parameters, including the amount of considered data, the frequency of data updates and queries, and node speed. Our results give a detailed account of data-centric storage performance and are able to identify the most suitable ranges of operation for each of the considered mechanisms.     

Dynamic QoS Allocation for Multimedia Ad Hoc Wireless Networks

In this paper, we propose an approach to support QoS for multimedia applications in ad hoc wireless network. An ad hoc network is a collection of mobile stations forming a temporary network without the aid of any centralized coordinator and is different from cellular networks which require fixed base stations interconnected by a wired backbone. It is useful for some special situations, such as battlefield communications and disaster recovery. The approach we provide uses CSMA/CA medium access protocol and additional reservation and control mechanisms to guarantee quality of service in ad hoc network system. The reason we choose CSMA protocol instead of other MAC protocols is that it is used in most of currently wireless LAN productions. Via QoS routing information and reservation scheme, network resources are dynamically allocated to individual multimedia application connections.     

Efficient Opportunistic Routing in Utility-Based Ad Hoc Networks

Due to resource scarcity, a paramount concern in ad hoc networks is utilizing limited resources efficiently. The self-organized nature of ad hoc networks makes the network utility-based approach an efficient way to allocate limited resources. However, the effect of link instability has not yet been adequately addressed in literature. To efficiently address the routing problem in ad hoc networks, we integrate the cost and stability into a network utility metric, and adopt the metric to evaluate the routing optimality in a unified, opportunistic routing model. Based on this model, an efficient algorithm is designed, both centralized and distributed implementations are presented, and extensive simulations on NS-2 are conducted to verify our results.     

ATP: a reliable transport protocol for ad hoc networks

Existing works have approached the problem of reliable transport in ad hoc networks by proposing mechanisms to improve TCP's performance over such networks, In this paper, we show through detailed arguments and simulations that several of the design elements in TCP are fundamentally inappropriate for the unique characteristics of ad hoc networks. Given that ad hoc networks are typically stand-alone, we approach the problem of reliable transport from the perspective that it is justifiable to develop an entirely new transport protocol that is not a variant of TCP. Toward this end, we present a new reliable transport layer protocol for ad hoc networks called ATP (ad hoc transport protocol). We show through ns2-based simulations that ATP outperforms default TCP as well as TCP-ELFN and ATCP.