HEAP: A packet authentication scheme for mobile ad hoc networks

In mobile ad hoc networks (MANETs) and wireless sensor networks (WSNs), it is easy to launch various sophisticated attacks such as wormhole, man-in-the-middle and denial of service (DoS), or to impersonate another node. To combat such attacks from outsider nodes, we study packet authentication in wireless networks and propose a hop-by-hop, efficient authentication protocol, called HEAP. HEAP authenticates packets at every hop by using a modified HMAC-based algorithm along with two keys and drops any packets that originate from outsiders. HEAP can be used with multicast, unicast or broadcast applications. We ran several simulations to compare HEAP with existing authentication schemes, such as TESLA, LHAP and Lu and Pooch’s algorithm. We measured metrics such as latency, throughput, packet delivery ratio, CPU and memory utilization and show that HEAP performs very well compared to other schemes while guarding against outsider attacks.     

压缩图像码流的分组丢失顽健可伸缩认证算法

摘 要：基于图像编码流的结构和相关性特点,提出了一种分组丢失顽健的可伸缩流认证方法。通过利用散列链和纠错编码算法构造认证算法,该方法可实现优化的码率分配以及非平等认证保护（UAP, unequal authentication protection）。首先对图像编码码流进行解析,获得层次结构信息和编解码依赖性;然后,根据码流数据对重构图像质量的重要程度,利用散列链将次重要的码流数据链接到重要数据上;最后对解码独立码流的散列值和整个码流的数字签名进行纠错编码,提高认证算法对分组丢失的顽健性。该方法仅需要对整个图像码流做一次签名,具有很低的认证代价。实验结果表明,与其他3种流认证算法相比,此法的认证图像具有更高的重构质量。     

A mobile host protocol supporting route optimization andauthentication

Host mobility is becoming an important issue due to the recent proliferation of notebook and palmtop computers, the development of wireless network interfaces, and the growth in global internetworking. This paper describes the design and implementation of a mobile host protocol, called the Internet mobile host protocol (IMHP), that is compatible with the TCP/IP protocol suite, and allows a mobile host to move around the Internet without changing its identity, In particular, IMHP provides host mobility over both the local and wide area, while remaining transparent to the user and to other hosts communicating with the mobile host. IMHP features route optimization and integrated authentication of all management packets. Route optimization allows a node to cache the location of a mobile host and to send future packets directly to that mobile host. By authenticating all management packets, IMHP guards against possible attacks on packet routing to mobile hosts, including the interception or redirection of arbitrary packets within the network. A simple new authentication mechanism is introduced that preserves the level of security found in the Internet today, while accommodating the transition to stronger authentication based on public key cryptography or shared keys that may either be manually administered or provided by a future Internet key management protocol     

Cross-Layer Modeling for QoS-Driven Multimedia Multicast/Broadcast over Fading Channels in [Advances in Mobile Multimedia]

In this article we propose a cross-layer design model for multimedia multicast/broadcast services to efficiently support the diverse quality of service requirements over mobile wireless networks. Specifically, we aim at achieving high system throughput for multimedia multicast/broadcast while satisfying QoS requirements from different protocol layers. First, at the physical layer, we propose a dynamic rate adaptation scheme to optimize the average throughput subject to the loss rate QoS constraint specified from the upper-layer protocol users. We investigate scenarios with either independent and identically distributed (i.i.d.) or non-i.i.d. fading channels connecting to different multicast receivers. Then, applying the effective capacity theory at the data link layer, we study the impact of the delay QoS requirement (i.e., QoS exponent) on the multimedia data rate of mobile multicast/broadcast that our proposed scheme can support. Also presented are simulation results which show the trade-off among different QoS metrics and the performance superiority of our proposed scheme as compared to the other existing schemes.     

A Dynamic Packet Recovery Mechanism for Realtime Service in Mobile Computing Environments

This paper analyzes the characteristics of packet losses in mobile computing environments based on the Gilbert model and then describes a mechanism that can recover the lost audio packets using redundant data. Using information periodically reported by a receiver, the sender dynamically adjusts the amount and offset values of redundant data with the constraint of minimizing the bandwidth consumption of wireless links. Since mobile computing environments can be often characterized by frequent and consecutive packet losses, loss recovery mechanisms need to deal efficiently with both random and consecutive packet losses. To achieve this, the suggested mechanism uses relatively large, discontinuous exponential offset values. That gives the same effect as using both the sequential and interleaving redundant information. To verify the effectiveness of the mechanism, we extended and implemented RTP/RTCP and applications. The experimental results show that our mechanism, with an exponential offset, achieves a remarkably low complete packet loss rate and adapts dynamically to the fluctuation of the packet loss pattern in mobile computing environments.     

RT Oblivious Erasure Correcting

An erasure correcting scheme is rateless if it is designed to tolerate any pattern of packet loss and reveal the transmitted information after a certain number of packets is received. On the one hand, transmission schemes that use rateless erasure correcting schemes do not usually use a feedback channel. However, they may require significant amount of additional processing by both the sender and the receiver. On the other hand, automatic repeated request protocols use a feedback channel to assist the sender, and do not usually require information processing. In this work we present a combined approach, where a lean feedback channel is used to assist the sender to efficiently transmit the information. Our Real-Time oblivious approach minimizes the processing time and the memory requirements of the receiver and, therefore, fits a variety of receiving devices. In addition, the transmission is real-time where the expected number of original packets revealed when a packet is received is approximately the same throughout the entire transmission process. We use our end-to-end scheme as a base for broadcast (and multicast) schemes. An overlay tree structure is used to convey the information to a large number of receivers. Moreover, the receivers may download the information from a number of senders or even migrate from one sender to another.     

不可靠信道上抗主动攻击的组播认证

组播是视频会议、协同工作等各种群组应用的基本通讯模式,组播安全性的研究具有重要意义.组播通常构建在不可靠的通讯协议上,因此存在数据包的丢包现象.大多数的组播认证方案不能用于这种环境,其他一些方案的主要目标是针对网络通讯故障引起的随机包丢失情况,而不能抵抗主动攻击.本文提出了抗部分碰撞哈希函数簇的思想,然后利用哈希图和纠错码技术提构造一种在不可靠信道上新的组播认证方案.该方案不仅具有很高的通讯性能和计算性能,并且在存在部分数据包丢失的情况下也可以抵抗主动攻击.本文提出了一种针对该方案特性的不可靠信道组播认证的形式安全模型,并在此安全模型下基于规约技术证明了该方案的安全性.     

移动多媒体广播中的认证授权策略研究

针对移动多媒体广播大范围用户认证授权的需求特点,分析了移动多媒体广播中的认证授权特殊性,以及传统的条件接收、数字版权管理认证授权方案在移动多媒体广播中应用存在的问题.提出了移动多媒体广播中的认证授权策略,给出了其基本框架,研究了包括重叠网模型、条件接收与数字版权管理结合、双层条件接收等在内的解决方案.通过与传统的条件接收进行比对,提出的方法更适合移动多媒体广播的大用户量并发认证.     

基于机会式网络编码的低时延广播传输算法

为了提高无线网络中数据包广播传输的效率,本文提出了一种基于机会式网络编码的广播传输算法.该算法在发送端按一定顺序选择不同终端的丢包,并采用异或运算编码重传包,在终端采用从重传包中解码数据包的方法恢复丢包.该算法优先恢复时间重要性较高的丢包,并使多个终端同时从单个重传包恢复其丢包,因此有效地提高了广播传输效率并降低了传输...     

广播网络中基于补丁流的丢包恢复机制研究

现有的数字广播网络由于没有回传通道,发送端无法知悉传输过程中的丢包状况。接收端处在广播网络的不同位置,常常因处于小区边缘或受障碍物遮挡等原因造成信号减弱,从而导致丢包率提高。该文提出了一种基于pFEC (patching Forward Error Correction,补丁FEC)的丢包恢复机制,来解决单向广播网络的丢包问题。该方法利用蜂窝移动网络的双向信道来传输补丁流,提供自适应的FEC来降低丢包率。这种方式可以在广播业务中为不同位置的用户提供不同的丢包恢复能力。理论建模及仿真结果显示,在蜂窝移动网络丢包率不高的情况下,pFEC机制能够有效应对个别用户突发的丢包,从而提高广播业务整体的可靠性和服务质量。     

An efficient reliable one-hop broadcast in mobile ad hoc networks

A reliable one-hop broadcast is a fundamental communication primitive in mobile ad hoc networks in which a message from the source node is guaranteed to be delivered to all nodes within the source node’s transmission range. Despite the importance of it, reliable one-hop broadcast is not easy to accomplish due to collisions in wireless networks known as Hidden Terminal Problem. This paper presents a MAC protocol that not only guarantees reliable one-hop broadcast but also achieves it efficiently by exploring as many simultaneous executions of the communication as possible. In addition to the data packets, the proposed algorithm utilizes the control packets that prevent packet collisions, and at the same time, make the simultaneous communications possible to improve the network throughput. Simulation results show the effectiveness of the proposed algorithm.     

Broadcast storm mitigation techniques in vehicular ad hoc networks

Several multihop applications developed for vehicular ad hoc networks use broadcast as a means to either discover nearby neighbors or propagate useful traffic information to other vehicles located within a certain geographical area. However, the conventional broadcast mechanism may lead to the so-called broadcast storm problem, a scenario in which there is a high level of contention and collisions at the link layer due to an excessive number of broadcast packets. While this is a well-known problem in mobile ad hoc wireless networks, only a few studies have addressed this issue in the VANET context, where mobile hosts move along the roads in a certain limited set of directions as opposed to randomly moving in arbitrary directions within a bounded area. Unlike other existing works, we quantify the impact of broadcast storms in VANETs in terms of message delay and packet loss rate in addition to conventional metrics such as message reachability and overhead. Given that VANET applications are currently confined to using the DSRC protocol at the data link layer, we propose three probabilistic and timer-based broadcast suppression techniques: weighted p-persistence, slotted 1-persistence, and slotted p-persistence schemes, to be used at the network layer. Our simulation results show that the proposed schemes can significantly reduce contention at the MAC layer by achieving up to 70 percent reduction in packet loss rate while keeping end-to-end delay at acceptable levels for most VANET applications.     

移动计算网络环境中的认证与小额支付协议

本文在分析现有移动用户认证协议与因特网认证协议基础上,针对移动计算网络的技术特点设计了一个用于移动用户与收费信息服务网络相互认证和用户进行小额电子支付的协议,该协议的新颖之处在于把小额支付方案融入认证协议当中,使移动用户可以利用笔记本电脑或掌上电脑进行付费的网面浏览、购买低价位信息商品以及进行移动电子商务,同时也为移动用户漫游时的记费提供了依据.协议不仅在公共参数的存储空间需求和用户端计算负荷上是适当的,而且可以保护用户不被错误收费,同时提供服务网络防止用户抵赖的合法证据.该协议基于一个全局的公钥基础设施,适用于未来的基于第三代移动通信系统的网络计算环境.     

Explicit Multicasting for Mobile Ad Hoc Networks

In this paper we propose an explicit multicast routing protocol for mobile ad hoc networks (MANETs). Explicit multicasting differs from common approaches by listing destination addresses in data packet headers. Using the explicit destination information, the multicast routing protocol can avoid the overhead of employing its own route construction and maintenance mechanisms by taking advantage of unicast routing table. Our protocol – termed Differential Destination Multicast (DDM) – is an explicit multicast routing protocol specifically designed for MANET environment. Unlike other MANET multicasting protocols, instead of distributing membership control throughout the network, DDM concentrates this authority at the data sources (i.e. senders) thereby giving sources knowledge of group membership. In addition, differentially-encoded, variable-length destination headers are inserted in data packets which are used in combination with unicast routing tables to forward multicast packets towards multicast receivers. Instead of requiring that multicast forwarding state to be stored in all participating nodes, this approach also provides the option of stateless multicasting. Each node independently has the choice of caching forwarding state or having its upstream neighbor to insert this state into self-routed data packets, or some combination thereof. The protocol is best suited for use with small multicast groups operating in dynamic MANET environment.     

Analysis of packet loss processes in high-speed networks

The packet loss process in a single-server queueing system with a finite buffer capacity is analyzed. The model used addresses the packet loss probabilities for packets within a block of a consecutive sequence of packets. An analytical approach is presented that yields efficient recursions for the computation of the distribution of the number of lost packets within a block of packets of fixed or variable size for several arrival models and several numbers of sessions. Numerical examples are provided to compare the distribution obtained with that obtained using the independence assumption to compute the loss probabilities of packets within a block. The results show that forward error correction schemes become less efficient due to the bursty nature of the packet loss processes; real-time traffic might be more sensitive to network congestion than was previously assumed; and the retransmission probability of ATM messages has been overestimated by the use of the independence assumption     

一种基于机会式网络编码的高效广播重传方法

为了提高无线广播网络中数据传输的效率,该文提出了一种新颖的基于机会式网络编码的重传方法。将机会式网络编码技术应用于丢包的重传,并采用高效的丢包组合策略生成重传包。根据网络终端的丢包情况,首先创建丢包的哈希表,再根据哈希表快速选择满足一定编码条件的丢包以生成重传数据包,从而在提高重传性能的同时,有效地降低了重传方法的复杂度。仿真结果表明该方法相比已有算法能有效地减少重传次数,并提高重传包发送和接收的效率。     

Throughput of nonpersistent inhibit sense multiple access with capture

The throughput of an FM mobile radio channel employing a nonpersistent multiple access protocol with inhibit sensing to provide packet data transmission is presented. With FM capture, the variations in received packet power due to propagation loss and multipath allow a packet to be successfully received in the presence of interfering packets, thus increasing the throughput over FM without capture.<>     

A cluster-based trust-aware routing protocol for mobile ad hoc networks

Routing protocols are the binding force in mobile ad hoc network (MANETs) since they facilitate communication beyond the wireless transmission range of the nodes. However, the infrastructure-less, pervasive, and distributed nature of MANETs renders them vulnerable to security threats. In this paper, we propose a novel cluster-based trust-aware routing protocol (CBTRP) for MANETs to protect forwarded packets from intermediary malicious nodes. The proposed protocol organizes the network into one-hop disjoint clusters then elects the most qualified and trustworthy nodes to play the role of cluster-heads that are responsible for handling all the routing activities. The proposed CBTRP continuously ensures the trustworthiness of cluster-heads by replacing them as soon as they become malicious and can dynamically update the packet path to avoid malicious routes. We have implemented and simulated the proposed protocol then evaluated its performance compared to the clustered based routing protocol (CBRP) as well as the 2ACK approach. Comparisons and analysis have shown the effectiveness of our proposed scheme.     

无线网络中基于混合流的高效可靠机会网络编码算法

Although the wireless network is widely used in many fields, its characteristics such as high bit error rate and broadcast links may block its development. Network coding is an artistic way to exploit its intrinsic characteristics to increase the network reliability. Some people research network coding schemes for inter flow or intra flow, each type with its own advantages and disadvantages. In this paper, we propose a new mechanism, called MM NCOPE, which integrates the idea of inter flow and intra flow coding. On the one hand, MM NCOPE utilizes random liner coding to encode the NCOPE packets while NCOPE is a sub protocol for optimizing the COPE algorithm by iteration. In NCOPE, packets are automatically matched by size to be coded. As a result, it improves the coding gain in some level. On the other hand, we adopt the partial Acknowledgement retransmission scheme to achieve high compactness and robustness. ACK is an independent packet with the highest priority rather than a part of the data packets. Compared with existing works on opportunistic network coding, our approach ensures the reliability of wireless links and improves the coding gain.     

Quality-Optimized and Secure End-to-End Authentication for Media Delivery

The need for security services, such as confidentiality and authentication, has become one of the major concerns in multimedia communication applications, such as video on demand and peer-to-peer content delivery. Conventional data authentication cannot be directly applied for streaming media when an unreliable channel is used and packet loss may occur. This paper begins by reviewing existing end-to-end media authentication schemes, which can be classified into stream-based and content-based techniques. We then motivate and describe how to design authentication schemes for multimedia delivery that exploit the unequal importance of different packets. By applying conventional cryptographic hashes and digital signatures to the media packets, the system security is similar to that achievable in conventional data security. However, instead of optimizing packet verification probability, we optimize the quality of the authenticated media, which is determined by the packets that are received and able to be decoded and authenticated. The quality of the authenticated media is optimized by allocating the authentication resources unequally across streamed packets based on their relative importance, thereby providing unequal authenticity protection. The effectiveness of this approach is demonstrated through experimental results on different media types (image and video), different compression standards (JPEG, JPEG2000, and H.264), and different channels (wired with packet erasures and wireless with bit errors).