iTCP: an intelligent TCP with neural network based end-to-end congestion control for ad-hoc multi-hop wireless mesh networks

Maintaining the performance of reliable transport protocols, such as transmission control protocol (TCP), over wireless mesh networks (WMNs) is a challenging problem due to the unique characteristics of data transmission over WMNs. The unique characteristics include multi-hop communication over lossy and non-deterministic wireless mediums, data transmission in the absence of a base station, similar traffic patterns over neighboring mesh nodes, etc. One of the reasons for the poor performance of conventional TCP variants over WMNs is that the congestion control mechanisms in conventional TCP variants do not explicitly account for these unique characteristics. To address this problem, this paper proposes a novel artificial intelligence based congestion control technique for reliable data transfer over WMNs. The synergy with artificial intelligence is established by exploiting a carefully designed neural network (NN) in the congestion control mechanism. We analyze the proposed NN based congestion control technique in detail and incorporate it into TCP to create a new variant that we name as intelligent TCP or iTCP. We evaluate the performance of iTCP using both ns-2 simulations and real testbed experiments. Our evaluation results demonstrate that our proposed congestion control technique exhibits a significant improvement in total network throughput and average energy consumption per transmitted bit compared to the congestion control techniques used in other TCP variants.     

Local Group Communication-aware MAC Protocol in Wireless Sensor Networks

In this paper, we investigate the problem of providing efficient communication primitives across domains of wireless sensor network (WSN) applications. We argue both qualitatively and quantitatively that group communication among sensors of geographic proximity is one of the basic building blocks of many WSN applications. Furthermore, group communication awareness needs to be embedded and implemented at the MAC layer due to the broadcast nature of wireless medium. We devise a MAC protocol, called LGC-MAC to enable efficient single-hop one-to-many and many-to-one communication. We present case studies of two example applications, acoustic target tracking and propagation of information with feedback using LGC-MAC and demonstrate that LGC-MAC can improve the response time, alleviate channel contention and provide better fault tolerance to packet collisions and wireless errors.

A secure group key management scheme for hierarchical mobile ad hoc networks

In this paper, we present a secure group key management scheme for hierarchical mobile ad hoc networks. Our approach aims to improve both scalability and survivability of group key management for large-scale wireless ad hoc networks. To achieve our goal, we propose the following approaches: (1) a multi-level security model, which follows a modified Bell-La Padula security model that is suitable in a hierarchical mobile ad hoc networking environment, and (2) a decentralized group key management infrastructure to achieve such a multi-level security model. Our approaches reduce the key management overhead and improve resilience to any single point failure problem. In addition, we have developed a roaming protocol that is able to provide secure group communication involving group members from different groups without requiring new keys; an advantage of this protocol is that it is able to provide continuous group communication even when the group manager fails.     

Self-healing group key distribution with time-limited node revocation for wireless sensor networks

A novel key distribution scheme with time-limited node revocation is proposed for secure group communications in wireless sensor networks. The proposed scheme offers two important security properties: the seal-healing re-keying message distribution which features periodic one-way re-keying with implicitly authentication, efficient tolerance for the lost re-keying messages, and seamless Traffic Encryption Key (TEK) switch without disrupting ongoing data transmissions; and the time-limited dynamic node attachment and detachment, so that both forward and backward secrecy is assured by dual directional hash chains. It is shown that the communication and computation overhead of the proposed protocol is light, and the protocol is robust under poor communication channel quality and frequent group node topology change.     

Secure opportunistic routing protocols: methods,models, and classification

Addressing communication reliability and security has always been of significant importance in wireless networks. Opportunistic routing (OR) protocols comprise a promising area of research that aims to improve the reliability of communications, particularly in lossy networks. The main concept behind OR protocols is to utilize the broadcast nature of the wireless medium and determine a group of neighboring node candidates, known as candidate set, to collaboratively forward packets towards the destination using a candidate coordination approach. However, similar to traditional routing protocols, OR protocols operate poorly in the presence of malicious nodes and attackers. Therefore, researchers have designed and developed a number of security enhancements, considering the specific characteristics of such protocols. In this paper, following a brief overview on OR protocols, we examine, classify, and compare the different categories of security approaches proposed for OR protocols. More precisely, we divide security-related OR protocols into three categories, including trust-based approaches, game-theory-oriented solutions, and other related protocols. Furthermore, the most significant algorithms of each category are investigated as case studies. Finally, a comparison of different protocols is presented considering the main features, advantages, and shortcomings of each protocol.

     

个人通信系统中的一种移动用户登记认证协议

假冒和窃听攻击是无线通信面临的主要威胁。在个人通信系统中,为了对无线链路提供安全保护,必须对链路上所传送的数据/话音进行加密,而且在用户与服务网络之间必须进行相互认证。近年来,人们在不同的移动通信网络(如GSM,IS-41,CDPD,Wireless LAN等)中提出了许多安全协议。然而,这些协议在个人通信环境中应用时存在不同的弱点。本文基于个人通信系统的双钥保密与认证模型,设计了用户位置登记认证协议;并采用BAN认证逻辑对协议的安全性进行了形式化证明,也对协议的计算复杂性进行了定性分析。分析表明,所提出的协议与现有的协议相比具有许多新的安全特性。     

Design and implementation of multicasting for multi-channel multi-interface wireless mesh networks

Multicasting is a useful communication method in wireless mesh networks (WMNs). Many applications in WMNs require efficient and reliable multicast communications, i.e., high delivery ratio with low overhead among a group of recipients. In spite of its significance, little work has been done on providing such multicast service in multi-channel WMNs. Traditional multicast protocols for wireless and multi-hop networks tend to assume that all nodes, each of which is equipped with a single interface, collaborate on the same channel. This single-channel assumption is not always true, as WMNs often provide nodes with multiple interfaces to enhance performance. In multi-channel and multi-interface (MCMI) WMNs, the same multicast data must be sent multiple times by a sender node if its neighboring nodes operate on different channels. In this paper, we try to tackle the challenging issue of how to design a multicast protocol more suitable for MCMI WMNs. Our multicast protocol builds multicast paths while inviting multicast members, and tries to allocate the same channel to neighboring members in a bottom-up manner. By unifying fixed channels of one-hop multicast neighbors, the proposed algorithm can improve the performance such as reducing multicast data transmission overhead and delay, while managing a successful delivery ratio. In order to prove such expectation on the performance, we have implemented and evaluated the proposed solution on the real testbed having the maximum 24 nodes, each of which is equipped with two IEEE 802.11a Atheros WLAN cards.     

Scalable and fault‐tolerant key agreement protocol for dynamic groups

With the widespread use of the Internet, the popularity of group communication‐based applications has grown considerably. Since most communications over the Internet involve the traversal of insecure networks, basic security services are necessary for these collaborative applications. These security services can be facilitated if the authorized group members share a common secret. In such distributed applications, key agreement protocols are preferred to key distribution protocols. In the past two decades, there have been many proposals for key agreement protocols. Most of these protocols are not efficient and limit the size of the underlying group. In this paper, we consider the scalability problem in group key agreement protocols. We propose a novel framework based on extension of the Diffie–Hellman key exchange protocol. The efficiency of our protocol comes from the clustering of the group members, where the common session key is established collaboratively by all participants. We present the auxiliary protocols needed when the membership changes. We show that our protocol is superior in complexity in both communication and computation overheads required to generate the session key. Copyright © 2006 John Wiley & Sons, Ltd.     

Extending NCP for protocols using public keys

One of the greatest obstacles to wide-spread deployment of wireless mobile systems is security. Cryptographically strong protocols and algorithms are required to enable secure communication over links that are easy to monitor and control by an attacker. While good cryptographic algorithms exist, it is difficult to design protocols that are immune to malicious attack. Good analysis techniques are lacking. This paper presents extensions to a technique for specifying and analyzing nonmonotonic cryptographic protocols that use asymmetric keys. We introduce new actions and inference rules, as well as slight modifications to the Update function. An important observation is that reasoning about the origin of messages is quite different when dealing with asymmetric key protocols. We also introduce the notion that keys in certificates should be bound to the principals receiving them. We extend the technique to meet the binding requirements and show how the flaw in the Denning and Sacco public key protocol, which was discovered by Abadi and Needham, is revealed. We demonstrate the extended technique using one protocol of our own and the Needham and Schroeder public key protocol. We also introduce and analyze a fix to a known weakness in Needham and Schroeder’s protocol using our extended technique. Finally, we present several applications of these techniques to protocols for mobile computing over wireless networks. This revised version was published online in June 2006 with corrections to the Cover Date.     

A dual-mode energy efficient encryption protocol for wireless sensor networks

This paper presents a novel link-layer encryption protocol for wireless sensor networks. The protocol design aims to reduce energy consumption by reducing security related communication overhead. This is done by merging security related data of consecutive packets. The merging (or combining packets) based on simple mathematical operations helps to reduce energy consumption by eliminating the requirement to send security related fields in headers and trailers. We name our protocol as the Compact Security Protocol referred to as C-Sec. In addition to energy savings, the C-Sec protocol also includes a unique security feature of hiding the packet header information. This feature makes it more difficult to trace the flow of wireless communication, and helps to minimize the cost of defending against replay attacks. We performed rigorous testing of the C-Sec protocol and compared it with well-known protocols including TinySec, MiniSec, SNEP and Zigbee. Our performance evaluation demonstrates that the C-Sec protocol outperforms other protocols in terms of energy savings. We also evaluated our protocol with respect to other performance metrics including queuing delay and error probability.     

On the Impact of Quality of Protection in Wireless Local Area Networks with IP Mobility

Wireless local area networks (LANs) are vulnerable to malicious attacks due to their shared medium in unlicensed frequency spectrum, thus requiring security features for a variety of applications even at the cost of quality of service (QoS). However, there is very little work on investigating to what extent system performance is affected by security configurations with respect to mobility scenarios, heterogeneous networks, and different applications. In order to exploit the full potential of existing security solutions, we present a detailed experimental study to demonstrate the impacts of security features on performance by integrating cross-layer security protocols in a wireless LAN testbed with IP mobility. We introduce a quality of protection (QoP) model to indicate the benefits of security protocols and then measure the performance cost of security protocols in terms of authentication time, cryptographic overhead and throughput. Our measurements demonstrate that the effects of security protocols on QoS parameters span a wide range; for example, authentication time is between 0.11 and 6.28 s, which can potentially affect packet loss dramatically. We also find that for the same security protocol throughput in non-roaming scenarios can be up to two times higher than that in roaming scenarios. However, some protocols are robust against mobility with little variation in system performance; thus, it is possible to provision steady service by choosing security protocols when users’ mobility pattern is unknown. Furthermore, we provide observations on cross-layer security protocols and suggestions to the design of future security protocols for real-time services in wireless LANs.

A2-MAKE: An efficient anonymous and accountable mutual authentication and key agreement protocol for WMNs

Multi-hop hybrid wireless mesh networks (WMNs) have recently attracted increasing attention and deployment. For easy acceptance and wide deployment of WMNs, security, privacy, and accountability issues have to be addressed by providing efficient, reliable, and scalable protocols. The fact that regular users, which may be resource-constrained wireless devices, are involved in routing activities highlights the need for efficiency and compactness. However, the said objectives, i.e., security, privacy, accountability, efficiency etc., are, most of the time, not compatible. So far no previous work has adequately reconciled these conflicting objectives in a practical framework. In this paper, we design and implement such a framework named as A²-MAKE, which is a collection of protocols. The framework provides an anonymous mutual authentication protocol whereby legitimate users can connect to network from anywhere without being identified or tracked unwillingly. No single party (or authority, network operator, etc.) can violate the privacy of a user, which is provided in our framework in the strongest sense. Our framework utilizes group signatures, where the private keys and corresponding credentials of the users are generated in a secure three-party protocol. User accountability is implemented via user identification and revocation protocols that can be executed by two semi-trusted authorities, one of which is the network operator. The assumptions about the trust level of the network operator are relaxed with respect to similar protocols. Our framework makes use of more efficient signature generation and verification algorithms in terms of computational complexity than their counterparts in literature, where signature size is almost the same as the shortest signatures proposed for similar purposes so far.     

The Optimization of Combination Scheme in Cooperative Spectrum Sensing Based on the Practical Reporting Frame Format

Wireless mesh networks (WMNs) are emerged as prominent solution to provide seamless connection to the internet. WMNs are typically used for providing broadband wireless internet access to a large number of users and networks. Guaranteeing the quality of service to end users with efficient resource utilization is a challenging issue in WMNs. To accomplish this, we propose a hybrid routing protocol for wireless mesh networks. It is a combination of intra cluster routing protocol (ICR) and inter cluster routing protocol for mesh networks (ICMR). Intra cluster routing protocol is intended to facilitate the communication between mesh clients within a same cluster and inter cluster routing protocol (ICMR) intended to facilitate the communication for mesh clients from different clusters. Intra cluster routing protocol is a proactive type of routing protocol and inter cluster routing protocol is a reactive type of routing protocol. The performance of the proposed protocol is analyzed and the results shown superior performance compared to baseline routing protocols in terms of throughput, end to end delay, packet delivery ratio and jitter.     

A ring-based multicast routing topology with QoS support in wireless mesh networks

Wireless mesh networking (WMN) is an emerging technology for future broadband wireless access. The proliferation of the mobile computing devices that are equipped with cameras and ad hoc communication mode creates the possibility of exchanging real-time data between mobile users in wireless mesh networks. In this paper, we argue for a ring-based multicast routing topology with support from infrastructure nodes for group communications in WMNs. We study the performance of multicast communication over a ring routing topology when 802.11 with RTS/CTS scheme is used at the MAC layer to enable reliable multicast services in WMNs. We propose an algorithm to enhance the IP multicast routing on the ring topology. We show that when mesh routers on a ring topology support group communications by employing our proposed algorithms, a significant performance enhancement is realized. We analytically compute the end-to-end delay on a ring multicast routing topology. Our results show that the end-to-end delay is reduced about 33 %, and the capacity of multicast network (i.e., maximum group size that the ring can serve with QoS guarantees) is increased about 50 % as compared to conventional schemes. We also use our analytical results to develop heuristic algorithms for constructing an efficient ring-based multicast routing topology with QoS guarantees. The proposed algorithms take into account all possible traffic interference when constructing the multicast ring topology. Thus, the constructed ring topology provides QoS guarantees for the multicast traffic and minimizes the cost of group communications in WMNs.     

Path diversified multi-QoS optimization in multi-channel wireless mesh networks

Wireless mesh networks (WMNs) have become a promising solution for quick and low-cost spreading of Internet accesses and other network services. Given the mesh topology, multiple paths are often available between node pairs, which thus naturally endorse path-diversified transmission. Unfortunately, like in wired networks, discovering completely disjoint paths in a WMN remains an intractable problem. It indeed becomes more challenging given the interferences across wireless channels in a WMN, not to mention that applications may demand heterogeneous QoS optimizations across different paths. The availability of multiple channels in advanced WMNs however sheds new lights into this problem. In this paper, we show that, as long as the best channels with different QoS metrics are not overlapped between neighboring node pairs, complete disjoint paths with heterogeneous QoS targets are available in a multi-channel WMN. We present efficient solutions to discover such paths, particularly for bandwidth- and delay-optimization. We also develop novel algorithms for accurately estimating path bandwidth and delay in the multi-channel environment. These lead to the design of a practical protocol that extends the classical Ad hoc On-demand Multi-path Distance Vector (AOMDV). Through extensive simulations, we show that our protocol yields significant improvement over state-of-the-art multi-path protocols in terms of both end-to-end throughput and delay.     

CLEAR: A Cross-Layer Enhanced and Adaptive Routing Framework for Wireless Mesh Networks

Wireless Mesh Networks (WMNs) provide a new and promising solution for broadband Internet services. The distinguishing features and the wide range of WMNs’ applications have attracted both academic and industrial communities. Routing protocols play a crucial role in the functionality and the performance of WMNs due to their direct effect on network throughput, connectivity, supported Quality of Service (QoS) levels, etc. In this paper, a cross-layer based routing framework for multi-interface/multi-channel WMNs, called Cross-Layer Enhanced and Adaptive Routing (CLEAR), is proposed. This framework embodies optimal as well as heuristic solutions. The major component of CLEAR is a new bio-inspired routing protocol called Birds’ Migration Routing protocol (BMR). BMR adopts a newly developed routing metric called Multi-Level Routing metric (MLR) to efficiently utilize the advantages of both multi-radio/multi-channel WMNs and cross-layer design. We also provide an exact solution based on dynamic programming to solve the optimal routing problem in WMNs. Simulation results show that our framework outperforms other routing schemes in terms of network throughput, end-to-end delay, and interference reduction, in addition to being the closest one to the optimal solution.     

A secure and efficient password‐authenticated group key exchange protocol for mobile ad hoc networks

Password‐authenticated group key exchange protocols enable communication parties to establish a common secret key (a session key) by only using short secret passwords. Such protocols have been receiving significant attention. This paper shows some security weaknesses in some recently proposed password‐authenticated group key exchange protocols. Furthermore, a secure and efficient password‐authenticated group key exchange protocol in mobile ad hoc networks is proposed. It only requires constant round to generate a group session key under the dynamic scenario. In other words, the overhead of key generation is independent of the size of a total group. Further, the security properties of our protocol are formally validated by a model checking tool called AVISPA. Security and performance analyses show that, compared with other related group key exchange schemes, the proposed protocol is also efficient for real‐world applications in enhancing the security over wireless communications. Copyright © 2011 John Wiley & Sons, Ltd.     

A Hybrid Adaptive Wireless Channel Access Protocol for Multimedia Personal Communication Systems

This paper proposes a new medium access protocol (MAC) protocol for futurewireless multimedia personal communication systems, denoted hybrid andadaptive multiple access control (HAMAC) protocol. The HAMAC protocolintegrates fixed assignment TDMA protocol, reservation-based protocols, andcontention-based protocols into a single wireless network so as tosimultaneously and efficiently support various classes of traffic such asconstant-bit-rate (CBR), variable-bit-rate (VBR), and available-bit-rate (ABR)traffic. In particular, the HAMAC protocol uses a novel preservationslot technique to overcome the packet contention overhead in packetreservation multiple access (PRMA) like protocols, while keeping mostisochronous service features of TDMA protocols to serve voice and CBR trafficstreams. A preservation slot is a very short slot which is used torepresent a CBR connection when the traffic in the CBR connection is in asilent period in which there is no meaningful data to transmit. Due to thevery short length of the preservation slot, it only takes minimalportion of the bandwidth pre-allocated to the CBR connection, so that theremaining bandwidth can be freed for other connections to use. When the CBRsource becomes active again, the preservation slot is replaced bynormal data slots without any reservation operation, extra delay, orsignificant bandwidth loss. Consequently, the guaranteed service andsimplified signaling features of TDMA protocols, together with the adaptivebandwidth allocation features of PRMA-like protocols, are both realized in theHAMAC protocol. We have analyzed the performance of the HAMAC protocol usingextensive simulations. The results show that the HAMAC protocol can achievevery low loss rates for various multimedia traffic with stringent quality ofservice (QoS) requirements and outperforms state-of-the-art PRMA-likeprotocols. As a result, the HAMAC protocol appears to be a good candidate forfuture generation multimedia personal communication systems.     

An efficient pairing‐free identity‐based authenticated group key agreement protocol

An authenticated group key agreement protocol allows participants to agree on a group key that will be subsequently used to provide secure group communication over an insecure network. In this paper, we give a security analysis on a pairing‐free identity‐based authenticated group key agreement because of Islam et al. We show that the protocol of Islam et al. cannot satisfy the minimal security requirements of the key agreement protocols. We propose an efficient pairing‐free identity‐based authenticated group key agreement for imbalanced mobile network. The proposed protocol can be implemented easily for practical application in mobile networks as it is free from bilinear. Under the difficulty of the InvCDH and CDH we demonstrate that the proposed protocol provides perfect forward secrecy, implicit key authentication and the dynamic functionality. As compared with the group key agreement protocols for imbalanced mobile network, the proposed protocol provides stronger security properties and high efficiency. Copyright © 2013 John Wiley & Sons, Ltd.     

Key establishment and management for WSNs

Wireless Sensor Networks (WSNs) are composed of a large number of low-cost, low-power, and multi-functional sensor nodes that communicate at short distances through wireless links. Those networks could be deployed in an open and hostile environment where attackers may be present. In this context, it is necessary to guarantee confidentiality, integrity and security services in the network. Those security properties could only be achieved if security associations have been created in the network between pairs of nodes, each node and the base station of groups of nodes. Those associations are created through key management protocols for pairwise or group establishment, distribution, renewing of cryptographic keys. Those protocols must only use information that is available in the network or pre-loaded in each sensor as the WSNs mus be autonomous. Moreover, due to the low-cost nature of each node, an attacker is able to compromise nodes because the nodes are not tamper-resistant. Thus a major challenge of the key management protocols becomes to preserve the general security of the network even if t nodes are compromised. We propose in this article a key management and access control protocol based upon a group deployment model. Moreover, this protocol is t-secure, i.e. t corrupted nodes are not sufficient to corrupt all the keys used in the network.