A localized certificate revocation scheme for mobile ad hoc networks

The issue of certificate revocation in mobile ad hoc networks (MANETs) where there are no on-line access to trusted authorities, is a challenging problem. In wired network environments, when certificates are to be revoked, certificate authorities (CAs) add the information regarding the certificates in question to certificate revocation lists (CRLs) and post the CRLs on accessible repositories or distribute them to relevant entities. In purely ad hoc networks, there are typically no access to centralized repositories or trusted authorities; therefore the conventional method of certificate revocation is not applicable.In this paper, we present a decentralized certificate revocation scheme that allows the nodes within a MANET to revoke the certificates of malicious entities. The scheme is fully contained and it does not rely on inputs from centralized or external entities.     

Certificate status validation in mobile ad hoc networks - [accepted from open call]

Certificate validation is much more complex in mobile ad hoc networks than in conventional networks because online access to trusted authorities is not always guaranteed. For this reason, we require new solutions to overcome both the lack of infrastructure and the limited capabilities of several user devices. In this article we study the application of different mechanisms for certificate validation in MANETs and present a cooperative mechanism for certificate validation suitable for MANETs.     

Information theoretic framework of trust modeling and evaluation for ad hoc networks

The performance of ad hoc networks depends on cooperation and trust among distributed nodes. To enhance security in ad hoc networks, it is important to evaluate trustworthiness of other nodes without centralized authorities. In this paper, we present an information theoretic framework to quantitatively measure trust and model trust propagation in ad hoc networks. In the proposed framework, trust is a measure of uncertainty with its value represented by entropy. We develop four Axioms that address the basic understanding of trust and the rules for trust propagation. Based on these axioms, we present two trust models: entropy-based model and probability-based model, which satisfy all the axioms. Techniques of trust establishment and trust update are presented to obtain trust values from observation. The proposed trust evaluation method and trust models are employed in ad hoc networks for secure ad hoc routing and malicious node detection. A distributed scheme is designed to acquire, maintain, and update trust records associated with the behaviors of nodes' forwarding packets and the behaviors of making recommendations about other nodes. Simulations show that the proposed trust evaluation system can significantly improve the network throughput as well as effectively detect malicious behaviors in ad hoc networks.     

Attack-resistant cooperation stimulation in autonomous ad hoc networks

In autonomous ad hoc networks, nodes usually belong to different authorities and pursue different goals. In order to maximize their own performance, nodes in such networks tend to be selfish, and are not willing to forward packets for the benefits of other nodes. Meanwhile, some nodes might behave maliciously and try to disrupt the network and waste other nodes' resources. In this paper, we present an attack-resilient cooperation stimulation (ARCS) system for autonomous ad hoc networks to stimulate cooperation among selfish nodes and defend against malicious attacks. In the ARCS system, the damage that can be caused by malicious nodes can be bounded, the cooperation among selfish nodes can be enforced, and the fairness among nodes can also be achieved. Both theoretical analysis and simulation results have confirmed the effectiveness of the ARCS system. Another key property of the ARCS system lies in that it is completely self-organizing and fully distributed, and does not require any tamper-proof hardware or central management points.     

SOS: Self‐organized secure framework for VANET

While authentication is a necessary requirement to provide security in vehicular ad hoc networks, user's personal information such as identity and location must be kept private. The reliance on road side units or centralized trusted authority nodes to provide security services is critical because both are vulnerable, thus cannot be accessed by all users, which mean security absence. In this paper, we introduce a self‐organized secure framework, deployed in vehicular ad hoc networks. The proposed framework solution is designed not only to provide an effective, integrated security and privacy‐preserving mechanism but also to retain the availability of all security services even if there are no road side units at all and/or the trusted authority node is compromised. A decentralized tier‐based security framework that depends on both trusted authority and some fully trusted nodes cooperated to distribute security services is presented. Our approach combines the useful features of both Shamir secret sharing with a trust‐based technique to ensure continuity of achieving all security services. Mathematical analysis of security issues that the proposed framework achieves as well as the availability of offering security services is provided. Proposed framework examination was done to show the performance in terms of storage, computation complexity, and communication overhead as well as its resilience against various types of attacks. Comparisons with different types of security schemes showed that the protocol developed gave better results in most comparison parameters while being unique ensuring continuity of security services delivery.     

Security and Cooperation in clustered mobile ad hoc networks with centralized supervision

Although individual node cooperation is necessary for the correct execution of network protocols in mobile ad hoc networks (MANETs), it is not always guaranteed. In this paper, we present a node reputation scheme aiming at reinforcing node cooperation in MANETs with centralized control. This scheme was designed for centralized ad hoc network architecture (CANA), an ad hoc enhancement to the HIPERLAN/2 WLAN standard. Misbehavior detection techniques for protocol attacks in both the cluster formation and data transmission phases of the network operation are developed. Statistical methods for selecting the optimal parameters of the reputation scheme are investigated and their efficiency is illustrated through theoretical analysis and simulation results. Throughout this paper, the specific aspects of CANA that impose particular design decisions are outlined and the applicability of our scheme to other network architectures is discussed.     

Efficient flooding with passive clustering-an overhead-free selective forward mechanism for ad hoc/sensor networks

High capacity real-time data communications in sensor networks usually require multihop routing and ad hoc routing protocols. Unfortunately, ad hoc routing protocols usually do not scale well and cannot handle dense situations efficiently. These two issues-scalability and density-are the major limitations when we apply ad hoc routing schemes to sensor networks. Passive clustering (PC) classifies ad hoc/sensor nodes into critical and noncritical nodes without any extra transmission. By 2-b piggybacking and monitoring user traffic (e.g., data polling requests from a sink), PC deploys the clustering structure "for free". Moreover, PC makes even the first flooding as efficient as all subsequent floodings (i.e., no initialization overhead). PC introduces many benefits, including efficient flooding and density adaptation. As a result, PC reduces control overhead of ad hoc routing protocols significantly and, as a consequence, enables ad hoc routing in large, dense sensor networks. The resulting structure can be utilized in cluster-based ad hoc network/sensor networking as well as for active node selection.     

Context-Aware Migratory Services in Ad Hoc Networks

Ad hoc networks can be used not only as data carriers for mobile devices but also as providers of a new class of services specific to ubiquitous computing environments. Building services in ad hoc networks, however, is challenging due to the rapidly changing operating contexts, which often lead to situations where a node hosting a certain service becomes unsuitable for hosting the service execution any longer. We propose a novel model of service provisioning in ad hoc networks based on the concept of context- aware migratory services. Unlike a regular service that executes always on the same node, a migratory service can migrate to different nodes in the network in order to accomplish its task. The migration is triggered by changes of the operating context, and it occurs transparently to the client application. We designed and implemented a framework for developing migratory services. We built TJam, a proof-of-concept migratory service that predicts traffic jams in a given region of a highway by using only car-to-car short-range wireless communication. The experimental results obtained over an ad hoc network of personal digital assistants (PDAs) show the effectiveness of our approach in the presence of frequent disconnections. We also present simulation results that demonstrate the benefits of migratory services in large-scale networks compared to a statically centralized approach.     

Dynamic QoS Allocation for Multimedia Ad Hoc Wireless Networks

In this paper, we propose an approach to support QoS for multimedia applications in ad hoc wireless network. An ad hoc network is a collection of mobile stations forming a temporary network without the aid of any centralized coordinator and is different from cellular networks which require fixed base stations interconnected by a wired backbone. It is useful for some special situations, such as battlefield communications and disaster recovery. The approach we provide uses CSMA/CA medium access protocol and additional reservation and control mechanisms to guarantee quality of service in ad hoc network system. The reason we choose CSMA protocol instead of other MAC protocols is that it is used in most of currently wireless LAN productions. Via QoS routing information and reservation scheme, network resources are dynamically allocated to individual multimedia application connections.     

A heterogeneous‐network aided public‐key management scheme for mobile ad hoc networks

A mobile ad hoc network does not require fixed infrastructure to construct connections among nodes. Due to the particular characteristics of mobile ad hoc networks, most existing secure protocols in wired networks do not meet the security requirements for mobile ad hoc networks. Most secure protocols in mobile ad hoc networks, such as secure routing, key agreement and secure group communication protocols, assume that all nodes must have pre‐shared a secret, or pre‐obtained public‐key certificates before joining the network. However, this assumption has a practical weakness for some emergency applications, because some nodes without pre‐obtained certificates will be unable to join the network. In this paper, a heterogeneous‐network aided public‐key management scheme for mobile ad hoc networks is proposed to remedy this weakness. Several heterogeneous networks (such as satellite, unmanned aerial vehicle, or cellular networks) provide wider service areas and ubiquitous connectivity. We adopt these wide‐covered heterogeneous networks to design a secure certificate distribution scheme that allows a mobile node without a pre‐obtained certificate to instantly get a certificate using the communication channel constructed by these wide‐covered heterogeneous networks. Therefore, this scheme enhances the security infrastructure of public key management for mobile ad hoc networks. Copyright © 2006 John Wiley & Sons, Ltd.     

MANET中一种基于Agent的能量节约方案

MANET是一种没有中心的特殊的移动自组织网络,由于节点依赖于电池,能量有限,因此节能是一个重要问题。文中提出的了一种基于Agent的能量节约方案,首先通过较少的移动Agent传递网络中节点的信息;然后根据各节点电池余量等参数,选择最合适的路径进行数据传输。从而可以节省整个网络的能耗,并保护剩余能量低的节点。实验结果表明这种方案可以延长整个网络的生存时间。     

An Adaptive and Predictive Security Model for Mobile Ad hoc Networks

Mobile ad hoc networks are infrastructure-free, pervasive and ubiquitous in nature, without any centralized authority. These unique characteristics coupled with the growing concerns for security attacks demand an immediate solution for securing the ad hoc network, prior to its full-fledged deployment in commercial and military applications. So far, most of the research in mobile ad hoc networks has been primarily focused on routing and mobility aspects rather than securing the ad hoc networks themselves. Due to ever increasing security threats, there is a need to develop schemes, algorithms, and protocols for a secured ad hoc network infrastructure. To realize this objective, we have proposed a practical and effective security model for mobile ad hoc networks. The proposed predictive security model is designed using a fuzzy feedback control approach. The model is based on identifying critical network parameters that are affected by various types of attacks and it continuously monitors those parameters. Once we measure the relative change in these parameter values, we could detect the type of attack accurately and protect the system, without compromising its effectiveness. Experimental results of the model simulated for selected packet mistreatment attacks and routing attacks are very promising.     

DART: Dynamic Address RouTing for Scalable Ad Hoc and Mesh Networks

It is well known that the current ad hoc protocol suites do not scale to work efficiently in networks of more than a few hundred nodes. Most current ad hoc routing architectures use flat static addressing and thus, need to keep track of each node individually, creating a massive overhead problem as the network grows. Could dynamic addressing alleviate this problem? In this paper, we argue that the use of dynamic addressing can enable scalable routing in ad hoc networks. We provide an initial design of a routing layer based on dynamic addressing, and evaluate its performance. Each node has a unique permanent identifier and a transient routing address, which indicates its location in the network at any given time. The main challenge is dynamic address allocation in the face of node mobility. We propose mechanisms to implement dynamic addressing efficiently. Our initial evaluation suggests that dynamic addressing is a promising approach for achieving scalable routing in large ad hoc and mesh networks     

Asymptotic Connectivity Properties of Cooperative Wireless Ad Hoc Networks

Extensive research has demonstrated the potential improvement in physical layer performance when multiple radios transmit concurrently in the same radio channel. We consider how such cooperation affects the requirements for full connectivity and percolation in large wireless ad hoc networks. Both noncoherent and coherent cooperative transmission are considered. For one-dimensional (1-D) extended networks, in contrast to noncooperative networks, for any path loss exponent less than or equal to one, full connectivity occurs under the noncoherent cooperation model with probability one for any node density. Conversely, there is no full connectivity with probability one when the path loss exponent exceeds one, and the network does not percolate for any node density if the path loss exponent exceeds two. In two-dimensional (2-D) extended networks with noncoherent cooperation, for any path loss exponent less than or equal to two, full connectivity is achieved for any node density. Conversely, there is no full connectivity when the path loss exponent exceeds two, but the cooperative network percolates for node densities above a threshold which is strictly less than that of the noncooperative network. A less conclusive set of results is presented for the coherent case. Hence, even relatively simple noncoherent cooperation improves the connectivity of large ad hoc networks.     

SEAD: secure efficient distance vector routing for mobile wireless ad hoc networks

An ad hoc network is a collection of wireless computers (nodes), communicating among themselves over possibly multihop paths, without the help of any infrastructure such as base stations or access points. Although many previous ad hoc network routing protocols have been based in part on distance vector approaches, they have generally assumed a trusted environment. In this paper, we design and evaluate the Secure Efficient Ad hoc Distance vector routing protocol (SEAD), a secure ad hoc network routing protocol based on the design of the Destination-Sequenced Distance-Vector routing protocol. In order to support use with nodes of limited CPU processing capability, and to guard against Denial-of-Service attacks in which an attacker attempts to cause other nodes to consume excess network bandwidth or processing time, we use efficient one-way hash functions and do not use asymmetric cryptographic operations in the protocol. SEAD performs well over the range of scenarios we tested, and is robust against multiple uncoordinated attackers creating incorrect routing state in any other node, even in spite of any active attackers or compromised nodes in the network.     

A fuzzy‐based trust model for flying ad hoc networks (FANETs)

The use of unmanned aerial vehicles has significantly increased for forming an ad hoc network owing to their ability to perform in exciting environment such as armed attacks, border surveillance, disaster management, rescue operation, and transportation. Such types of ad hoc networks are popularly known as flying ad hoc networks (FANETs). The FANET nodes have 2 prominent characteristics—collaboration and cooperation. Trust plays an important role in predicting the behavior of such nodes. Researchers have proposed various methods (direct and indirect) for calculation of the trust value of a given node in ad hoc networks, especially in mobile ad hoc networks and vehicular ad hoc networks. The major characteristic that differentiates a FANET from other ad hoc networks is the velocity of the node; as a result, there are frequent losses in connection and topology change. Therefore, the existing methods of trust calculation are not efficient and effective. In this paper, a fuzzy‐based novel trust model has been proposed to handle the behavioral uncertainty of FANET nodes. Nodes are classified using a multicriteria fuzzy classification method based on node's behavior and performance in the fuzzy and complex environment. Quality of service and social parameter (recommendation) are considered for evaluating the trust value of each node to segregate the selfish and malicious nodes. With the node classification, FANET nodes are rewarded or punished to transform node behavior into a trust value. Compared with the existing trust techniques, the simulation results show that the proposed model has better adaptability, accuracy, and performance in FANETs.     

An energy-efficient MAC protocol based on IEEE 802.11 in wireless ad hoc networks

Energy efficiency is a measure of the performance of IEEE 802.11 wireless multihop ad hoc networks. The IEEE 802.11 standard, currently used in wireless multihop ad hoc networks, wastes bandwidth capacity and energy resources because of many collisions. Therefore, controlling the contention window size at a given node will increase not only the operating life of the battery but also the overall system capacity. It is essential to develop effective backoff schemes for saving power in IEEE 802.11 wireless multihop ad hoc networks. In this paper, we propose an energy-efficient backoff scheme and evaluate its performance in an ad hoc network. Our contention window mechanism devised by us grants a node access to a channel on the basis of the node’s percentage of residual energy. We use both an analytical model and simulation experiments to evaluate the effective performance of our scheme in an ad hoc network. Our extensive ns-2-based simulation results have shown that the proposed scheme provides excellent performance in terms of energy goodput, end-to-end goodput, and packet delivery ratio, as well as the end-to-end delay.     

Probabilistic analysis of routes on mobile ad hoc networks

The ad hoc network is comprised of mobile nodes without wires or any infrastructures. All data are transmitted from source node to destination node through wireless channels. The ad hoc network is self-organized by ad hoc network routing protocols. Due to the mobility of nodes, the route which is constructed from many proposed ad hoc network routing protocols and comprised of several direct node-to-node links exists only for a certain period. That also means the route is subject to frequent breakages. In this letter, the probabilistic behavior of a constructed route is investigated through simulation and curve fitting. The simulation results show that the probability density function of a route is exponential distribution. The simulation also shows how the time proportion is distributed among different route lengths under a certain scenario. The route is a basic factor in the ad hoc network which operates without any central controller. The characteristics of the route have much influence on the performance of the ad hoc network. Thus the probabilistic analysis provides important implications when we are designing ad hoc network routing protocols and deploying ad hoc networks.     

Ad hoc网络两种按需路由协议性能分析

Ad hoc网络是一种无需依赖于事先布设的基础设施,而仅依靠网络内部节点之间的协作,就能够完成节点间通信的网络。比较了Ad hoc网络两种主流的按需路由协议：动态源路由协议,自组网按需距离矢量路由协议。使用基于ns-2的仿真模型进行仿真,并通过分组交付率、平均端到端时延、标准化路由负荷、对两种按需路由协议进行评估。实验结果表明即使DSR和AODV协议都是按需路由协议,但它们采取的路由机制的不同,导致它们的性能表现的巨大差异。     

URSA: ubiquitous and robust access control for mobile ad hoc networks

Restricting network access of routing and packet forwarding to well-behaving nodes and denying access from misbehaving nodes are critical for the proper functioning of a mobile ad-hoc network where cooperation among all networking nodes is usually assumed. However, the lack of a network infrastructure, the dynamics of the network topology and node membership, and the potential attacks from inside the network by malicious and/or noncooperative selfish nodes make the conventional network access control mechanisms not applicable. We present URSA, a ubiquitous and robust access control solution for mobile ad hoc networks. URSA implements ticket certification services through multiple-node consensus and fully localized instantiation. It uses tickets to identify and grant network access to well-behaving nodes. In URSA, no single node monopolizes the access decision or is completely trusted. Instead, multiple nodes jointly monitor a local node and certify/revoke its ticket. Furthermore, URSA ticket certification services are fully localized into each node's neighborhood to ensure service ubiquity and resilience. Through analysis, simulations, and experiments, we show that our design effectively enforces access control in the highly dynamic, mobile ad hoc network.