Similar documents
20 similar documents found (search time: 46 ms)
1.
Issa  Saurabh  Ness B.   《Ad hoc Networks》2008,6(3):344-362
In multihop wireless systems, the need for cooperation among nodes to relay each other’s packets exposes them to a wide range of security attacks. A particularly devastating attack is the wormhole attack, where a malicious node records control traffic at one location and tunnels it to a colluding node, possibly far away, which replays it locally. This can have an adverse effect on route establishment by preventing nodes from discovering legitimate routes that are more than two hops away. Previous works on tolerating wormhole attacks have focused only on detection and used specialized hardware, such as directional antennas or extremely accurate clocks. More recent work has addressed the problem of locally isolating the malicious nodes. However, all of this work has been done in the context of static networks due to the difficulty of secure neighbor discovery with mobile nodes. The existing work on secure neighbor discovery has limitations in accuracy, resource requirements, and applicability to ad hoc and sensor networks. In this paper, we present a countermeasure for the wormhole attack, called MobiWorp, which alleviates these drawbacks and efficiently mitigates the wormhole attack in mobile networks. MobiWorp uses a secure central authority (CA) for global tracking of node positions. Local monitoring is used to detect and isolate malicious nodes locally. Additionally, when sufficient suspicion builds up at the CA, it enforces a global isolation of the malicious node from the whole network. The effect of MobiWorp on the data traffic and the fidelity of detection is brought out through extensive simulation using ns-2. The results show that as time progresses, the data packet drop ratio goes to zero with MobiWorp due to the capability of MobiWorp to detect, diagnose and isolate malicious nodes. With an appropriate choice of design parameters, MobiWorp is shown to completely eliminate framing of a legitimate node by malicious nodes, at the cost of a slight increase in the drop ratio. The results also show that increasing mobility of the nodes degrades the performance of MobiWorp.

2.
Guaranteeing end-to-end data security in wireless sensor networks (WSNs) is important and has drawn much attention from researchers over the past years. Because an attacker may take control of compromised sensor nodes to inject bogus reports into WSNs, enhancing data authenticity becomes a necessary issue in WSNs. Unlike PCREF (Yang et al. in IEEE Trans Comput 64(1):4–18, 2015) (LEDS, Ren et al. in IEEE Trans Mobile Comput 7(5):585–598, 2008), digital signature rather than message authentication polynomials (message authentication codes) is adopted by our protocol in en-route filtering. Keeping the advantages of clusters in PCREF and overcoming the drawbacks in LEDS, an enhanced and efficient cluster-based security protocol is proposed in this paper. The proposed protocol can guarantee end-to-end data authentication with the aid of digital signature and exhibits its effectiveness and efficiency through security analysis and performance analysis. Our analytical results show that the proposed protocol significantly outperforms the closely related protocols in the literature in terms of security strength and protocol overhead.

3.
Focusing on a large-scale wireless sensor network with multiple base stations (BS), a key management protocol is designed in this paper. For securely relaying data between a node and a base station or two nodes, an end-to-end data security method is adopted by this protocol. Further employing a distributed key revocation scheme to efficiently remove compromised nodes then forms our key management protocol called multi-BS key management protocol (MKMP). Through performance evaluation, we show that MKMP outperforms LEDS Ren et al. (IEEE Trans Mobile Comput 7(5):585–598, 2008) in terms of efficiency of resilience against the node capture attack. With the analysis of key storage overheads, we demonstrate that MKMP performs better than mKeying Wang et al. (A key management protocol for wireless sensor networks with multiple base stations. In: Proceedings of ICC'08, pp 1625–1629, 2008) in terms of this overhead.

4.
A two-tiered architecture with resource-rich master nodes at the upper tier and resource-poor sensor nodes at the lower tier is expected to be adopted in large scale sensor networks. In a hostile environment, adversaries are more motivated to compromise the master nodes to break the authenticity and completeness of query results, whereas there is a lack of light and secure query processing protocols in tiered sensor networks at present. In this paper, we study the problem of verifiable fine-grained top-$k$ queries in two-tiered sensor networks, and propose a novel verification scheme, which is named Verification Scheme for Fine-grained Top-$k$ Queries (VSFTQ). To make top-$k$ query results verifiable, VSFTQ establishes relationships among data items of each sensor node using their orders, which are encrypted together with the scores of the data items and the interested time epoch number using distinct symmetric keys kept by each sensor node and the network owner. Both theoretical analysis and simulation results show that VSFTQ can not only ensure high probability of detecting forged and/or incomplete query results, but also significantly decrease the amount of verification information when compared with existing schemes.

5.
Wireless sensor networks (WSNs) tend to be highly optimized due to severely restricted constraints. Various medium access control (MAC) protocols for WSNs have been proposed, being specially tailored to a target application. This paper proposes a taxonomy for the different mechanisms employed in those protocols. The taxonomy characterizes the protocols according to the methods implemented to handle energy consumption, quality of service and adaptability requirements. We also present an overview of the transceptors found in WSNs, identifying how events on communication affect the energy consumption. Based on the taxonomy, we classify existing MAC protocols. Finally, we discuss challenging trends in MAC protocols for WSNs, such as security issues and software radios.

6.
Coding-based reprogramming protocols can effectively and remotely disseminate a new code image to all sensor nodes via wireless channels in wireless sensor networks. However, security service is crucial to these protocols when sensor nodes are deployed in adversarial environments. Existing security schemes can resist Pollution Attack, but the overheads are excessive. In this paper, a security enhancement approach with low overhead based on Hierarchical Hash Tree is proposed to enhance the security of the protocols. Our scheme is composed of two layers of Merkle Tree based on the ideas of hierarchy and aggregation. Then, the security of proposed approach is proven and the overheads of that are analyzed. Furthermore, our scheme is used to implement page authentication of Sreluge protocol, which is a representative reprogramming protocol based on random linear codes. Experimental results show that our scheme can cut authentication overhead by at least 43% that of Merkle Tree and other overheads have been reduced markedly with the size of code image growing.

7.
Node replication attacks pose a higher level of threat in wireless sensor networks. A replicated node takes advantage of having legal identity of the compromised node to control the network traffic and inject malicious information into the network. Several techniques have been proposed to detect node replication in wireless sensor networks. However, in most of these techniques, the responsibility for replica detection lies either with the base station or a few randomly selected witness nodes. In this paper, we propose a technique for detecting replicas without the participation of base station and witness nodes. In the proposed scheme, each node is assigned with a color (value), which is unique within its neighborhood. A color conflict within the neighborhood of a node is detected as a replica. We made a comparison of the proposed scheme with RED (Conti et al. in IEEE Trans Dependable Secure Comput 8(5):685–698, 2011), LSM (Parno et al. in Proceedings of IEEE symposium on security and privacy. IEEE, pp 49–63, 2005), and SET (Choi et al. in Proceedings of third international conference on security and privacy in communications networks and the workshops, SecureComm 2007. IEEE, pp 341–350, 2007). Parameters considered for comparison are detection probability, communication complexity and storage overhead. We observed that the proposed scheme has a higher detection probability, and lower communication and storage overhead.

8.
Internet-based mobile ad hoc network (IMANET) is an emerging technique that combines a wired network (e.g. Internet) and a mobile ad hoc network (MANET) for developing a ubiquitous communication infrastructure. To fulfill users’ demand to access various kinds of information, however, an IMANET has several limitations such as limited accessibility to the wired Internet, insufficient wireless bandwidth, and longer message latency. In this paper, we address the issues involved in information search and access in IMANETs. An aggregate caching mechanism and a broadcast-based Simple Search (SS) algorithm are proposed for improving the information accessibility and reducing average communication latency in IMANETs. As a part of the aggregate cache, a cache admission control policy and a cache replacement policy, called Time and Distance Sensitive (TDS) replacement, are developed to reduce the cache miss ratio and improve the information accessibility. We evaluate the impact of caching, cache management, and the number of access points that are connected to the Internet, through extensive simulation. The simulation results indicate that the proposed aggregate caching mechanism can significantly improve an IMANET performance in terms of throughput and average number of hops to access data items.

9.
Several sensitive applications deployed within wireless networks require group communications. A high level of security is often required in such applications, like military or public security applications. The most suitable solution to ensure security in these services is the deployment of a group key management protocol, adapted to the characteristics of MANETs, especially to mobility of nodes. In this paper, we present the OMCT (Optimized Multicast Cluster Tree) algorithm for dynamic clustering of multicast group, that takes into account both nodes localization and mobility, and optimizes the energy and bandwidth consumptions. Then, we show how we integrate OMCT within our group key management protocol BALADE, in a sequential multi-source model. The integration of BALADE and OMCT allows an efficient and fast key distribution process, validated through simulations, by applying various models of mobility (individual mobility and group mobility). The impact of the mobility model on the performance and the behaviour of the group key management protocol BALADE coupled with OMCT, is also evaluated.

10.
Broadcast is a fundamental operation in wireless sensor networks (WSNs). Given a source node with a packet to broadcast, the aim is to propagate the packet to all nodes in a collision free manner whilst incurring minimum latency. This problem, called minimum latency broadcast scheduling (MLBS), has been studied extensively in wireless ad-hoc networks whereby nodes remain on all the time, and has been shown to be NP-hard. However, only a few studies have addressed this problem in the context of duty-cycled WSNs. In these WSNs, nodes do not wake-up simultaneously, and hence, not all neighbors of a transmitting node will receive a broadcast packet at the same time. Unfortunately, the problem remains NP-hard and multiple transmissions may be necessary due to different wake-up times. Henceforth, this paper considers MLBS in duty cycled WSNs and presents two approximation algorithms, BS-1 and BS-2, that produce a maximum latency of at most \((\Delta -1) TH\) and \(13TH\) respectively. Here, \(\Delta\) is the maximum degree of nodes, \(T\) denotes the number of time slots in a scheduling period, and \(H\) is the broadcast latency lower bound obtained from the shortest path algorithm. We evaluated our algorithms under different network configurations and confirmed that the latencies achieved by our algorithms are much lower than existing schemes. In particular, compared to OTAB, the best broadcast scheduling algorithm to date, the broadcast latency and transmission times achieved by BS-1 is at least \(\frac{1}{17}\) and \(\frac{2}{5}\) that of OTAB respectively.

11.
In order to protect a wireless sensor network and an RFID system against wormhole and relay attacks respectively, distance bounding protocols have been suggested over the past decade. In these protocols, a verifier authenticates a user as well as estimating an upper bound for the physical distance between the user and itself. Recently, distance bounding protocols, each with a mutual authentication, are proposed to increase the security level for such systems. They are also suggested to be deployed for key agreement protocols in a short-range wireless communication system to prevent Man-in-the-Middle attack. In this paper, a new mutual distance bounding protocol called NMDB is proposed with two security parameters (\(n\) and \(t\)). The parameter \(n\) denotes the number of iterations in an execution of the protocol and the parameter \(t\) presents the number of errors acceptable by the verifier during \(n\) iterations. This novel protocol is implementable in a noisy wireless environment without requiring final confirmation message. Moreover, it is shown how this protocol can be employed for the key agreement procedures to resist against Man-in-the-Middle attack. NMDB is also analyzed in a noisy environment to compute the success probability of attackers and the rejection probability of a valid user due to channel errors. The analytically obtained results show that, with the proper selection of the security parameters (\(n\) and \(t\)) in a known noisy environment, NMDB provides an appropriate security level with a reliable performance.

12.
We propose a new multicast communication paradigm called “spatiotemporal multicast” for supporting applications which require spatiotemporal coordination in wireless sensor networks. In this paper we focus on a special class of spatiotemporal multicast called “mobicast” featuring a message delivery zone that moves at a constant velocity $\vec v$. The key contributions of this work are: (1) the specification of mobicast and its performance metrics, (2) the introduction of four different mobicast protocols along with the analysis of their performance, (3) the introduction of two topological network compactness metrics for facilitating the design and analysis of spatiotemporal protocols, and (4) an experimental evaluation of compactness properties for random sensor networks and their effect on routing protocols.

13.
In this paper, we propose a new mobicast routing protocol, called the HVE-mobicast (hierarchical-variant-egg-based mobicast) routing protocol, in wireless sensor networks (WSNs). Existing protocols for a spatiotemporal variant of the multicast protocol called a “mobicast” were designed to support a forwarding zone that moves at a constant velocity, \(\stackrel{\rightarrow}{v}\), through sensornets. The spatiotemporal characteristic of a mobicast is to forward a mobicast message to all sensor nodes that are present at time \(t\) in some geographic zone (called the forwarding zone) \(Z\), where both the location and shape of the forwarding zone are a function of time over some interval \((t_{start}, t_{end})\). Mobicast routing protocol aims to provide reliable and just-in-time message delivery for a mobile sink node. To consider the mobile entity with the different moving speed, a new mobicast routing protocol is investigated in this work by utilizing the cluster-based approach. The message delivery of nodes in the forwarding zone of the HVE-mobicast routing protocol is transmitted by two phases; cluster-to-cluster and cluster-to-node phases. In the cluster-to-cluster phase, the cluster-head and relay nodes are distributively notified to wake them up. In the cluster-to-node phase, all member nodes are then notified to wake up by cluster-head nodes according to the estimated arrival time of the delivery zone. The key contribution of the HVE-mobicast routing protocol is that it is more power efficient than existing mobicast routing protocols, especially by considering different moving speeds and directions. Finally, simulation results illustrate performance enhancements in message overhead, power consumption, needlessly woken-up nodes, and successful woken-up ratio, compared to existing mobicast routing protocols.

14.
Multimedia communication in wireless sensor networks   Cited by: 1 (self-citations: 0, citations by others: 1)
The technological advances in Micro ElectroMechanical Systems (MEMS) and wireless communications have enabled the realization of wireless sensor networks (WSN) comprised of large number of low-cost, low-power, multifunctional sensor nodes. These tiny sensor nodes communicate in short distances and collaboratively work toward fulfilling the application specific objectives of WSN. However, realization of wide range of envisioned WSN applications necessitates effective communication protocols which can address the unique challenges posed by the WSN paradigm. Since many of these envisioned applications may also involve in collecting information in the form of multimedia such as audio, image, and video; additional challenges due to the unique requirements of multimedia delivery over WSN, e.g., diverse reliability requirements, time constraints, high bandwidth demands, must be addressed as well. Thus far, vast majority of the research efforts has been focused on addressing the problems of conventional data communication in WSN. Therefore, there exists an urgent need for research on the problems of multimedia communication in WSN. In this paper, a survey of the research challenges and the current status of the literature on the multimedia communication in WSN is presented. More specifically, the multimedia WSN applications, factors influencing multimedia delivery over WSN, currently proposed solutions in application, transport, and network layers, are pointed out along with their shortcomings and open research issues.

15.
Yi  Dharma P.   《Ad hoc Networks》2007,5(1):35-48
Wireless sensor networks are often deployed in hostile environments and operated on an unattended mode. In order to protect the sensitive data and the sensor readings, secret keys should be used to encrypt the exchanged messages between communicating nodes. Due to their expensive energy consumption and hardware requirements, asymmetric key based cryptographies are not suitable for resource-constrained wireless sensors. Several symmetric-key pre-distribution protocols have been investigated recently to establish secure links between sensor nodes, but most of them are not scalable due to their linearly increased communication and key storage overheads. Furthermore, existing protocols cannot provide sufficient security when the number of compromised nodes exceeds a critical value. To address these limitations, we propose an improved key distribution mechanism for large-scale wireless sensor networks. Based on a hierarchical network model and bivariate polynomial-key generation mechanism, our scheme guarantees that two communicating parties can establish a unique pairwise key between them. Compared with existing protocols, our scheme can provide sufficient security no matter how many sensors are compromised. Fixed key storage overhead, full network connectivity, and low communication overhead can also be achieved by the proposed scheme.

16.
Mobile subscribers who wish to mutually authenticate to service providers on the Internet utilize existing identity management mechanisms, such as Microsoft .net passport, overlooking the existing trust relationship between the subscriber and the 3G mobile operator and increasing network resources consumption, in an environment that requires security mechanisms that are as lightweight as possible. Furthermore, knowledge as well as the possession of an item, does not distinguish a person uniquely, revealing an inherent security weakness of PIN authentication mechanisms. This paper proposes a protocol (3GbioId) for implementing strong identity management for Internet applications over 3G mobile networks. 3GBioId introduces biometrics, as well as the principles of the Liberty Alliance, into the 3G mobile security architecture, targeting to a more effective, secure and lightweight identity management alternative to the existing protocols. The results of a security, privacy, performance, usability and complexity evaluation indicate 3GbioId’s benefits and limits.

17.
This paper introduces a new environment for developing distributed systems. It is based on the TURTLE UML profile. Analysis and design phases, described in previous papers, have been extended with an additional deployment phase. In this new step, TURTLE components are deployed over hardware execution nodes, and nodes are connected together throughout links. TURTLE deployment diagrams are given a formal semantics in RT-LOTOS, therefore following the approach used for TURTLE analysis and design diagrams. Moreover, the paper presents a Java code generator which outputs appropriate Java code for TURTLE deployment diagrams. This code is automatically deployable on networks because it implements node communication using network protocols such as UDP or RMI. TTool, the TURTLE toolkit has been extended to support these new diagrams and code generators. The attack of protected data exchanged throughout secured HTTP sessions serves as example.

18.
Wireless ad-hoc networks are infrastructureless networks that comprise wireless mobile nodes able to communicate with each other outside wireless transmission range. Due to frequent network topology changes on the one hand and the limited underlying bandwidth on the other hand, routing becomes a challenging task. In this paper we present a novel routing algorithm devoted for mobile ad hoc networks. It entails both reactive and proactive components. More precisely, the algorithm is based on ant general behavior, but differs from the classic ant methods inspired from Ant-Colony-Optimization algorithm [1]. We do not use, during the reactive phase, a broadcasting technique that exponentially increases the routing overhead, but we introduce a new reactive route discovery technique that considerably reduces the communication overhead. In the simulation results, we show that our protocol can outperform both Ad hoc On-demand Distance Vector (AODV) protocol [2], one of the most important current state-of-the-art algorithms, and AntHocNet protocol [5], one of the most important ant-based routing algorithms, in terms of end-to-end delay, packet delivery ratio and the communication overhead.

19.
This article presents a network-controlled approach of user terminal mobility within an IP based Wireless LAN Access Network. In a first part, this article makes a review of the mobility support, on the subject of emerging WLAN technologies as HIPERLAN/2 and IEEE 802.11, on the one hand, and, regarding IP networks as currently studied within IETF, on the other hand. Both types of IP mobility protocols are presented, either global mobility protocols such as Mobile IP, or local mobility management protocols (micro mobility). In the next part, the overall principles of our mobility management approach are explained; this approach is based on the implementation of a new network entity dedicated to the control of user terminal mobility. The last part details a practical implementation of this approach. The implementation is carried out on the basis of Hierarchical Mobile IPv6 (HMIPv6). The experimental results confirm the importance to carefully plan and control the user terminal mobility within large IP based Access Networks, as this brings benefit to the user as well as to the operator.

20.
This paper describes Census, a protocol for data aggregation and statistical counting in MANETs. Census operates by circulating a set of tokens in the network using biased random walks such that each node is visited by at least one token. The protocol is structure-free so as to avoid high messaging overhead for maintaining structure in the presence of node mobility. It biases the random walks of tokens so as to achieve fast cover time; the bias involves short albeit multi-hop gradients that guide the tokens towards hitherto unvisited nodes. Census thus achieves a cover time of \(O(N)\) and message overhead of \(O(N\,\log(N))\) where \(N\) is the number of nodes. Notably, it enjoys scalability and robustness, which we demonstrate via simulations in networks ranging from 100 to 4000 nodes under different network densities and mobility models. We also observe a speedup by a factor of \(k\) when \(k\) different tokens are used (\(1 \le k \le \sqrt{N}\)).
